The CISCO Nexus series switches release critical patch update-bug warning-the black bar safety net

2016-10-22T00:00:00
ID MYHACK58:62201680443
Type myhack58
Reporter 佚名
Modified 2016-10-22T00:00:00

Description

! Cisco recently released a batch of patches, mainly for the CISCO Nexus 7 0 0 0 series switch with Nexus OS software. Nexus OTV(overlay transport virtualization)buffer overflow vulnerability According to the recent Cisco security Bulletin, Nexus 7 0 0 0 and the Nexus 7 7 0 0 series switches exist OTV(overlay transport virtualization)buffer overflow vulnerabilities, namely CVE-2 0 1 6-1 4 5 3 The. Cisco security Bulletin stated: “The Cisco Nexus 7 0 0 0/7 7 0 0 series switches OTV GRE implementation that may allow an unauthorized attacker on the system caused by overload attacks and even remote code execution.” Caused by the the reason for this result is due to the OTV packet header parameters did not improve the size of the check. To this end, Cisco has released the corresponding software update and solutions as much as possible to reduce the vulnerability of risk. Cisco Nexus SSH subsystem vulnerability to bypass the AAA limit Cisco Nexus products, the configuration of the OTV capabilities of the Cisco Nexus 7 0 0 0/7 7 0 0 are in the vulnerability of the column. While the OTV feature with the Cisco NX-OS software version 5.0, the Cisco Nexus 7 0 0 0 series, and Cisco NX-OS introduced. Cisco's announcement also said: “In addition, Cisco also released an update to fix a serious Vulnerability, CVE-2 0 1 5-0 7 2 of 1. This vulnerability with Cisco Nexus SSH subsystem related. The vulnerability can allow an unauthorized attacker to bypass the AAA to limit the remote execution of commands. An attacker using this vulnerability, you can log in to the affected device to send a malicious value. In the exploit is successful, attackers will be able to bypass the AAA restrictions, and device command line to a different set of permissions of the role to execute the command.” In the author the author, Cisco does not provide vulnerability details. In addition, the Cisco announcement of the NX-OS operating system notice a number of high-risk vulnerabilities. Cisco in addition a number denial of service vulnerability In addition, Cisco also processing another batch are rated as high vulnerability: CVE-2 0 1 6-1 4 5 4: Cisco NX-OS border Network Management Protocol(BGP) denial of service vulnerability “This is Cisco NX-OS at the boundary of the Network Management Protocol to achieve that occurs when the vulnerability, which allows unauthorized attacker to the device overloads, the last of the system causing a denial of service attack. This vulnerability is because the system of the BGP upgrade message authentication is not perfect.” The following will be referred to the DHCPv4 packet denial of service vulnerability, Cisco has already released the update, but still not the right solution. CVE-2 0 1 5-6 3 9 2: Cisco NX-OS software in the DHCPv4 packet cause a denial of service vulnerability “In Cisco NX-OS software, DHCPv4 relay proxy, and smart Relay Agent implemented on the emergence of a loophole. It allows unauthorized attacker to remotely for the affected equipment for denial of service attacks. This vulnerability is due to the system for the DHCPv4 offer packet verification is imperfect.” CVE-2 0 1 5-6 3 9 3: the Cisco NX-OS software in malformations of the DHCPv4 packet to cause a denial of service vulnerability “Cisco NX-OS software, DHCPv4 relay agent on the emergence of a vulnerability that allows unauthorized attacker to the device for remote denial of service attack. This vulnerability, it is because the system for malformations of the DHCPv4 packet is not a good check.”