A high-severity vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software might allow an unauthenticated local attacker to force an affected device to unintentionally reload.
NX-OS is a network operating system for Cisco Systems’ Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network devices. It originated from the SAN-OS operating system developed by Cisco for their MDS switches.
With a CVSS score of 7.1, this vulnerability is tagged as CVE-2023-20168. If the exploit is successful, the attacker may be able to trigger an unexpected device reload that would create a denial of service (DoS) attack.
This vulnerability has been fixed by software updates from Cisco. There are no workarounds that address this vulnerability.
Cisco stated that if the directed request option for TACACS+ or RADIUS is enabled, this vulnerability arises by incorrect input validation when processing an authentication attempt.
By providing a specially crafted string at the login prompt of a compromised device, an attacker might take advantage of this vulnerability.
“This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS,” Cisco said in its security advisory.
“A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.”
If the directed request option is enabled for TACACS+, RADIUS, or both on a vulnerable edition of Cisco NX-OS Software, it might affect the following Cisco products:
“This vulnerability can only be exploited over Telnet, which is disabled by default, or over the console management connection. This vulnerability cannot be exploited over SSH connections to the device”, Cisco said.
Use the show running-config | include the directed-request command to see if the directed request option is enabled for TACACS+ or RADIUS.
This vulnerability may affect the device if the command returns tacacs-server directed-request or radius-server directed-request.
Products Not Vulnerable
Fixed Software
To address this issue, Cisco has published the following SMUs.
Customers may get the SMUs from Cisco.com’s Software Centre.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…
Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…
A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…