Cisco Updates
Warning Date: 27 February, 2020
Severity Level: ● High
Warning Number: 2020-968
Target Sector: All
Description:
Cisco has released security updates to address multiple vulnerabilities in the following products:
- Cisco FXOS Software
- Firepower 1000 Series
- Firepower 2100 Series
- Firepower 4100 Series
- Firepower 9300 Security Appliances
- MDS 9000 Series Multilayer Switches
  - With the NX-API feature enabled, running Cisco NX-OS Software releases earlier than Release 8.4(1).
- Nexus 7000 Series Switches
  - With the NX-API feature enabled, running Cisco NX-OS Software releases earlier than Release 8.2(5).
  - With the Cisco NX-OS Software anycast gateway feature enabled.
- Nexus 3000 Series Switches
  - With the Cisco NX-OS Software anycast gateway feature enabled.
  - Running Cisco NX-OS Software Release 9.2(1), 9.2(2), 9.2(3), or 9.3(1), with BGP MD5 authentication configured and an NX-OS BGP VRF name longer than 19 characters.
- Nexus 9000 Series Switches in standalone NX-OS mode
  - Running Cisco NX-OS Software Release 9.2(1), 9.2(2), 9.2(3), or 9.3(1), with BGP MD5 authentication configured and an NX-OS BGP VRF name longer than 19 characters.
  - With the Cisco NX-OS Software anycast gateway feature enabled.
- Cisco FXOS and NX-OS Software that are configured to use Cisco Discovery Protocol:
  - Firepower 4100 Series
  - Firepower 9300 Security Appliances
  - MDS 9000 Series Multilayer Switches
  - Nexus 1000 Virtual Edge for VMware vSphere
  - Nexus 1000V Switch for Microsoft Hyper-V
  - Nexus 1000V Switch for VMware vSphere
  - Nexus 5500 Platform Switches
  - Nexus 5600 Platform Switches
  - Nexus 6000 Series Switches
  - Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  - UCS 6200 Series Fabric Interconnects
  - UCS 6300 Series Fabric Interconnects
- Cisco FXOS and UCS Manager Software for the following products:
  - Firepower 2100 Series
  - Firepower 4100 Series
  - Firepower 9300 Security Appliances
  - UCS 6200 Series Fabric Interconnects
  - UCS 6300 Series Fabric Interconnects
  - UCS 6400 Series Fabric Interconnects
- Cisco Connected Grid Routers
- Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
- Cisco Small Business RV Series RV110W Wireless-N VPN Firewall
- Cisco Small Business RV Series RV215W Wireless-N VPN Router
- Cisco Small Business RV130 Series VPN Routers
- Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE
- Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE
- Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE
- Cisco WAP571 Wireless-AC/N Premium Dual Radio Access Point with PoE
- Cisco WAP571E Wireless-AC/N Premium Dual Radio Outdoor Access Point
- Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point
- Cisco Wireless IP Phone 8821
- Cisco Catalyst 9115 Series Wi-Fi 6 Access Points
- Cisco Catalyst 9120 Series Access Points
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Execute arbitrary code with a privilege level of root on Cisco FXOS.
- Cause a remote denial of service (DoS) condition in the NX-API service.
- Cause the ARP table on a Cisco NX-OS device to become corrupted by sending a malicious GARP packet.
- Decrypt Wi-Fi frames without the knowledge of WPA or WPA2.
Best practice and Recommendations:
The CERT team encourages users to review the Cisco security advisories and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cli-cmdinj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure