Cisco NX-OS Software Flaw Let Attacker Trigger a DoS Attack

A high-severity vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software might allow an unauthenticated local attacker to force an affected device to unintentionally reload.

NX-OS is a network operating system for Cisco Systems’ Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network devices. It originated from the SAN-OS operating system developed by Cisco for their MDS switches.

With a CVSS score of 7.1, this vulnerability is tagged as CVE-2023-20168.  If the exploit is successful, the attacker may be able to trigger an unexpected device reload that would create a denial of service (DoS) attack.

This vulnerability has been fixed by software updates from Cisco. There are no workarounds that address this vulnerability.

Details of the Vulnerability

Cisco stated that if the directed request option for TACACS+ or RADIUS is enabled, this vulnerability arises by incorrect input validation when processing an authentication attempt.

By providing a specially crafted string at the login prompt of a compromised device, an attacker might take advantage of this vulnerability.

“This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS,” Cisco said in its security advisory.

“A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.”

Affected Products

If the directed request option is enabled for TACACS+, RADIUS, or both on a vulnerable edition of Cisco NX-OS Software, it might affect the following Cisco products:

  • MDS 9000 Series Multilayer Switches (CSCwe72670)
  • Nexus 1000 Virtual Edge for VMware vSphere (CSCwe72673)
  • Nexus 1000V Switch for Microsoft Hyper-V (CSCwe72673)
  • Nexus 1000V Switch for VMware vSphere (CSCwe72673)
  • Nexus 3000 Series Switches (CSCwe72648)
  • Nexus 5500 Platform Switches (CSCwe72674)
  • Nexus 5600 Platform Switches (CSCwe72674)
  • Nexus 6000 Series Switches (CSCwe72674)
  • Nexus 7000 Series Switches (CSCwe72368)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwe72648)

“This vulnerability can only be exploited over Telnet, which is disabled by default, or over the console management connection. This vulnerability cannot be exploited over SSH connections to the device”, Cisco said.

To Identify Vulnerable Configuration

Use the show running-config | include the directed-request command to see if the directed request option is enabled for TACACS+ or RADIUS.

This vulnerability may affect the device if the command returns tacacs-server directed-request or radius-server directed-request.

Products Not Vulnerable

  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9300 Security Appliances
  • Nexus 9000 Series Fabric Switches in ACI mode
  • Secure Firewall 3100 Series
  • UCS 6200 Series Fabric Interconnects
  • UCS 6300 Series Fabric Interconnects
  • UCS 6400 Series Fabric Interconnects
  • UCS 6500 Series Fabric Interconnects

Fixed Software

To address this issue, Cisco has published the following SMUs.

Customers may get the SMUs from Cisco.com’s Software Centre.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

20 hours ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

20 hours ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

20 hours ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

20 hours ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

2 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

2 days ago