Critical bugs in Cisco's data centre hardware
The network hardware specialist Cisco has issued a security advisory documenting a number of security vulnerabilities in Cisco NX-OS, which should be fixed by updates. Cisco NX-OS is an operating system for network components optimised for high availability. Among the affected devices are the Nexus range of data centre switches, the Cisco 6100/6200 switches in Cisco's Unified Computing server fabric, the MDS 9000 series of multilayer switches for storage area networks, and the Cisco 1000 series connected grid router, designed for use in energy, gas and water supply.
Two potential buffer overruns in the SNMP subsystems are particularly critical (CVE-2013-1179, CVE-2013-1180); the first concerns the License Manager. Both can be exploited and, in the worst case, used to inject and execute code on the network. That scenario also applies to the buffer overflows found in the Cisco Discovery Protocol (CVE-2013-1178), but CDP works on layer 2 of the network and is therefore limited to the network local to a device. In addition, Cisco eliminated a denial-of-service problem in the handling of jumbo frames (CVE-2013-1181).
The advisory, Multiple Vulnerabilities in Cisco NX-OS-Based Products, provides more detailed information about the flaws and the updates to resolve them.