Friday 29 June 2018

Cisco patches critical vulnerabilities

Cisco has released patches for 34 vulnerabilities: 5 critical, 20 high and 9 medium. The 5 critical vulnerabilities are in FXOS, NX-OS and NX-API software and could allow a remote attacker to execute arbitrary code, cause a buffer overflow or, in other cases, cause a denial-of-service (DoS) condition.

You'll need to wade through Cisco's advisories to work out if the software you're running is vulnerable or already fixed.

All of the critical flaws have a CVSS score of 9.8 out of 10 and four of them affect the FXOS and NX-OS Cisco Fabric Services because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets," according to the security notice. The last critical flaw affects the NX-API feature of NX-OS.

The critical Smart Install flaw has affected 8.5 million devices so far.

The Cisco patch will fix the issues CVE-2018-0308, CVE-2018-0304, CVE-2018-0314 and CVE-2018-0312.

▬ MDS 9000 Series Multilayer Switches
▬ Nexus 2000 Series Fabric Extenders
▬ Nexus 3000 Series Switches
▬ Nexus 3500 Platform Switches
▬ Nexus 5500 Platform Switches
▬ Nexus 5600 Platform Switches
▬ Nexus 6000 Series Switches
▬ Nexus 7000 Series Switches
▬ Nexus 7700 Series Switches
▬ Nexus 9000 Series Switches in a standalone NX-OS mode
▬ Nexus 9500 R-Series Line Cards and Fabric Modules
▬ Firepower 4100 Series Next-Generation Firewalls
▬ Firepower 9300 Security Appliance
▬ UCS 6100 Series Fabric Interconnects
▬ UCS 6200 Series Fabric Interconnects
▬ UCS 6300 Series Fabric Interconnects

The NX-API vulnerability is caused by incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit it by sending a crafted HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled.
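
Because the NX-API flaw is only reachable where the feature is enabled, a first triage step is to find which switches have it on and which listeners they expose. The script below is an added example, not code from Cisco or from this post; it assumes saved running-configs that use `feature nxapi` and `nxapi http|https port N` lines, and the hostnames and config snippets are constructed.

```python
import re

# Constructed sample running-configs (not taken from real devices).
SAMPLE_CONFIGS = {
    "leaf-01": "hostname leaf-01\nfeature nxapi\nnxapi http port 8080\nnxapi https port 8443\n",
    "leaf-02": "hostname leaf-02\nfeature bgp\nfeature nxapi\nno feature nxapi\n",
    "spine-01": "hostname spine-01\nfeature nxapi\nno nxapi http\nnxapi https port 443\n",
    "core-01": "hostname core-01\nfeature nxapi\n",
}

FEATURE = re.compile(r"^(no\s+)?feature\s+nxapi\s*$")
LISTENER = re.compile(r"^(no\s+)?nxapi\s+(https?)(?:\s+port\s+(\d+))?\s*$")


def nxapi_exposure(config: str) -> dict:
    """Return the NX-API state and listener ports found in one running-config."""
    enabled = False
    listeners = {}
    for raw in config.splitlines():
        line = raw.strip()
        m = FEATURE.match(line)
        if m:
            enabled = m.group(1) is None  # a later "no feature nxapi" wins
            continue
        m = LISTENER.match(line)
        if m:
            negated, transport, port = m.groups()
            if negated:
                listeners.pop(transport, None)
            elif port:
                listeners[transport] = int(port)
    if not enabled:
        return {"enabled": False, "listeners": {}}
    # No explicit port line: the listener depends on the release default,
    # so report it as unknown instead of guessing a port.
    return {"enabled": True, "listeners": listeners or {"unknown": None}}


def triage(configs: dict) -> list:
    """Hostnames with NX-API enabled, i.e. the ones to check against the advisory first."""
    return sorted(h for h, cfg in configs.items() if nxapi_exposure(cfg)["enabled"])


if __name__ == "__main__":
    for host in triage(SAMPLE_CONFIGS):
        print(host, nxapi_exposure(SAMPLE_CONFIGS[host])["listeners"])
```

A device that shows up here still has to be checked against the fixed-release table in Cisco's advisory; the script only narrows down where NX-API is reachable.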

The four flaws affecting Cisco Fabric Services exist because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets".