Cisco released a security advisory addressing vulnerabilities in the Fabric Services component of Cisco FXOS software, Cisco NX-OS software, and its Data Management Engine (DME). The networking and hardware company stated that it found eight vulnerabilities, six of which are reported as high-severity flaws.
According to the security advisory, the high-severity flaws affecting Cisco’s NX-OS software were tracked as CVE-2020-3397, CVE-2020-3398, CVE-2020-3338, CVE-2020-3415, CVE-2020-3517, and CVE-2020-3454. The two medium-severity bugs impacting Cisco’s NX-OS software include CVE-2020-3397 and CVE-2020-3398. These flaws could allow an attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device.
“The vulnerabilities are due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit these vulnerabilities by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition,” the advisory stated.
In addition to the eight vulnerabilities, Cisco also fixed a high-severity flaw, CVE-2020-3504, that impacted Cisco’s web services interface, Adaptive Security Appliance (ASA), and the Firepower Threat Defense (FTD) software. This vulnerability could have allowed an unauthenticated remote attacker to perform directory traversal attacks and steal sensitive data.
Counterfeit Cisco Switches
Recently, an investigation report from F-Secure revealed a pair of counterfeit network switches impersonating Cisco network switches. The counterfeit devices, versions of the Cisco Catalyst 2960-X series switches, were designed to bypass the authentication processes for system components. According to the investigation, the counterfeit devices did not have any backdoor functionality, but had the ability to bypass security controls. The counterfeits were physically and operationally similar to an authentic Cisco switch. Threat actors either invested heavily in imitating Cisco’s original design or had access to proprietary engineering documentation to create a fake copy, the report said.