Tuesday, July 16, 2024
EHA

Cisco NX-OS Software Flaw Let Attacker Trigger a DoS Attack

A high-severity vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software might allow an unauthenticated local attacker to force an affected device to unintentionally reload.

NX-OS is a network operating system for Cisco Systems’ Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network devices. It originated from the SAN-OS operating system developed by Cisco for their MDS switches.

With a CVSS score of 7.1, this vulnerability is tagged as CVE-2023-20168.  If the exploit is successful, the attacker may be able to trigger an unexpected device reload that would create a denial of service (DoS) attack.

This vulnerability has been fixed by software updates from Cisco. There are no workarounds that address this vulnerability.

Details of the Vulnerability

Cisco stated that if the directed request option for TACACS+ or RADIUS is enabled, this vulnerability arises by incorrect input validation when processing an authentication attempt.

By providing a specially crafted string at the login prompt of a compromised device, an attacker might take advantage of this vulnerability.

“This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS,” Cisco said in its security advisory.

“A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.”

Affected Products

If the directed request option is enabled for TACACS+, RADIUS, or both on a vulnerable edition of Cisco NX-OS Software, it might affect the following Cisco products:

  • MDS 9000 Series Multilayer Switches (CSCwe72670)
  • Nexus 1000 Virtual Edge for VMware vSphere (CSCwe72673)
  • Nexus 1000V Switch for Microsoft Hyper-V (CSCwe72673)
  • Nexus 1000V Switch for VMware vSphere (CSCwe72673)
  • Nexus 3000 Series Switches (CSCwe72648)
  • Nexus 5500 Platform Switches (CSCwe72674)
  • Nexus 5600 Platform Switches (CSCwe72674)
  • Nexus 6000 Series Switches (CSCwe72674)
  • Nexus 7000 Series Switches (CSCwe72368)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwe72648)

“This vulnerability can only be exploited over Telnet, which is disabled by default, or over the console management connection. This vulnerability cannot be exploited over SSH connections to the device”, Cisco said.

To Identify Vulnerable Configuration

Use the show running-config | include the directed-request command to see if the directed request option is enabled for TACACS+ or RADIUS.

This vulnerability may affect the device if the command returns tacacs-server directed-request or radius-server directed-request.

Products Not Vulnerable

  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9300 Security Appliances
  • Nexus 9000 Series Fabric Switches in ACI mode
  • Secure Firewall 3100 Series
  • UCS 6200 Series Fabric Interconnects
  • UCS 6300 Series Fabric Interconnects
  • UCS 6400 Series Fabric Interconnects
  • UCS 6500 Series Fabric Interconnects

Fixed Software

To address this issue, Cisco has published the following SMUs.

Customers may get the SMUs from Cisco.com’s Software Centre.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Website

Latest articles

New Poco RAT Weaponizing 7zip Files Using Google Drive

The hackers weaponize 7zip files to pass through security measures and deliver malware effectively.These...

New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s

X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails...

Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the...

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles