Your one-stop web resource providing safety and security information to manufacturers

Cisco released fixes for to address 41 vulnerabilities in multiple Cisco products where a remote attacker could exploit them to take control of an affected system.

In the most severe vulnerability, labeled critical by Cisco, there is an issue in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

RELATED STORIES
Cisco Fixes Router Vulnerability
Cisco Re-Patches Router Holes
Cisco Fixes UI or IOS XE Software
Cisco Fixes CSPC, Won’t Fix IP Phone Hole

The vulnerability is due to the presence of a default SSH key pair that is present in all devices, Cisco said.

An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

Cyber Security

Cisco released software updates that address this vulnerability and there are no workarounds that address this vulnerability. Click here to view the advisory for the vulnerability.

This vulnerability affects the following Cisco products if they are running a Cisco NX-OS Software release prior to 14.1(1i): Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode

This vulnerability is fixed in Cisco Nexus 9000 Series ACI Mode Switch Software release 14.1(1i)and later.

In terms of vulnerability criticality, there one labeled critical, 22 high and 18 medium.

Click here for a complete rundown on all the Cisco vulnerabilities.

Pin It on Pinterest

Share This