Tuesday, October 8, 2024
HomeCiscoCisco NX-OS Software Flaw Let Attacker Trigger a DoS Attack

Cisco NX-OS Software Flaw Let Attacker Trigger a DoS Attack

Published on

A high-severity vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software might allow an unauthenticated local attacker to force an affected device to unintentionally reload.

NX-OS is a network operating system for Cisco Systems’ Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network devices. It originated from the SAN-OS operating system developed by Cisco for their MDS switches.

With a CVSS score of 7.1, this vulnerability is tagged as CVE-2023-20168.  If the exploit is successful, the attacker may be able to trigger an unexpected device reload that would create a denial of service (DoS) attack.

- Advertisement - EHA

This vulnerability has been fixed by software updates from Cisco. There are no workarounds that address this vulnerability.

Details of the Vulnerability

Cisco stated that if the directed request option for TACACS+ or RADIUS is enabled, this vulnerability arises by incorrect input validation when processing an authentication attempt.

By providing a specially crafted string at the login prompt of a compromised device, an attacker might take advantage of this vulnerability.

“This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS,” Cisco said in its security advisory.

“A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.”

Affected Products

If the directed request option is enabled for TACACS+, RADIUS, or both on a vulnerable edition of Cisco NX-OS Software, it might affect the following Cisco products:

  • MDS 9000 Series Multilayer Switches (CSCwe72670)
  • Nexus 1000 Virtual Edge for VMware vSphere (CSCwe72673)
  • Nexus 1000V Switch for Microsoft Hyper-V (CSCwe72673)
  • Nexus 1000V Switch for VMware vSphere (CSCwe72673)
  • Nexus 3000 Series Switches (CSCwe72648)
  • Nexus 5500 Platform Switches (CSCwe72674)
  • Nexus 5600 Platform Switches (CSCwe72674)
  • Nexus 6000 Series Switches (CSCwe72674)
  • Nexus 7000 Series Switches (CSCwe72368)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwe72648)

“This vulnerability can only be exploited over Telnet, which is disabled by default, or over the console management connection. This vulnerability cannot be exploited over SSH connections to the device”, Cisco said.

To Identify Vulnerable Configuration

Use the show running-config | include the directed-request command to see if the directed request option is enabled for TACACS+ or RADIUS.

This vulnerability may affect the device if the command returns tacacs-server directed-request or radius-server directed-request.

Products Not Vulnerable

  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9300 Security Appliances
  • Nexus 9000 Series Fabric Switches in ACI mode
  • Secure Firewall 3100 Series
  • UCS 6200 Series Fabric Interconnects
  • UCS 6300 Series Fabric Interconnects
  • UCS 6400 Series Fabric Interconnects
  • UCS 6500 Series Fabric Interconnects

Fixed Software

To address this issue, Cisco has published the following SMUs.

Customers may get the SMUs from Cisco.com’s Software Centre.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day...

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...