On March 6th Cisco released 29 high and medium rated PSIRT notices for NX-OS based platforms. These platforms include the Cisco Nexus 3000 – 9000 series and the Nexus-adjacent FXOS and UCS Fabric Interconnect platforms. Not all advisories affect all platforms, but every platform is affected by at least one high rated vulnerability. The vulnerabilities include command and code execution, privilege escalation, denial of service, and arbitrary file read. This is just about everything bad that could affect core infrastructure devices.
If you haven’t updated your switch in a while, this is probably the time to. Within some of the advisories Cisco notes that they are providing free updates:
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
I’ve included a table of the fixed-in versions as of the writing of this post. I would recommend reviewing the advisories when selecting a version, as other code versions have also integrated the fixes.
Platform | Version |
---|---|
Nexus 1000v | 5.2(1)SM3(2.1) (Hyper-V); 5.2(1)SV3(4.1a) (VMware) |
Nexus 3000, 3500, and 3600 | 9.2(2) |
Nexus 5500, 5600, 6000, 7000, and 7700 | 8.3(3) |
Nexus 9000 and 9500 | 9.2(2) |
UCS 6200, 6300, and 6400 Series Fabric Interconnects | 4.0(2a) |
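As an added example (not part of the original post or any Cisco tooling), the following Python compares a running NX-OS/FXOS version string against the fixed-in versions from the table above. Version strings such as 9.2(2) or 4.0(2a) are tokenized into digit and letter runs; the rule that comparisons are only meaningful within the same major.minor train is an assumption, so mismatched trains are flagged for a manual look at the advisories rather than judged, and the Nexus 1000v rows are left out because they list separate versions per hypervisor.

```python
import re

# Fixed-in versions taken from the table above (platform labels shortened here).
FIXED_IN = {
    "Nexus 3000/3500/3600": "9.2(2)",
    "Nexus 5500/5600/6000/7000/7700": "8.3(3)",
    "Nexus 9000/9500": "9.2(2)",
    "UCS 6200/6300/6400 FI": "4.0(2a)",
}

_TOKEN = re.compile(r"\d+|[A-Za-z]+")  # dots and parentheses act as separators


def version_key(version):
    """Turn '4.0(2a)' into a tuple that sorts correctly: digit runs compare
    numerically, letter runs lexically, and a missing suffix sorts first
    (so 4.0(2) < 4.0(2a) and 9.2(2) < 9.2(10))."""
    key = []
    for tok in _TOKEN.findall(version):
        if tok.isdigit():
            key.append((0, int(tok), ""))
        else:
            key.append((1, 0, tok.upper()))
    return tuple(key)


def same_train(a, b):
    """Assumption: only versions sharing major.minor (e.g. 9.2 vs 9.2) are comparable."""
    return _TOKEN.findall(a)[:2] == _TOKEN.findall(b)[:2]


def is_patched(running, fixed):
    """True/False when comparable; None when the trains differ and the advisory must be read."""
    if not same_train(running, fixed):
        return None
    return version_key(running) >= version_key(fixed)


def assess(platform, running):
    """Map a running version to 'patched', 'vulnerable' or 'check-advisory'."""
    result = is_patched(running, FIXED_IN[platform])
    if result is None:
        return "check-advisory"
    return "patched" if result else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory: (platform, version as reported by 'show version').
    inventory = [
        ("Nexus 9000/9500", "9.2(1)"),
        ("Nexus 9000/9500", "9.2(3)"),
        ("Nexus 9000/9500", "7.0(3)I7(6)"),
        ("UCS 6200/6300/6400 FI", "4.0(1c)"),
        ("UCS 6200/6300/6400 FI", "4.0(2a)"),
    ]
    for platform, ver in inventory:
        print(f"{platform:32} {ver:14} {assess(platform, ver)}")
```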
Cisco has a bundled advisory for all of the high rated notices at the following link:
Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication
I have also included a laundry list of notices including both high and medium rated vulnerabilities for your reference.
Happy patching!
- CVE-2019-1585 Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability
- CVE-2019-1588 Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability
- CVE-2019-1591 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability
- CVE-2019-1595 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
- CVE-2019-1605 Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
- CVE-2019-1593 Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
- CVE-2019-1594 Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability
- CVE-2019-1614 Cisco NX-OS Software NX-API Command Injection Vulnerability
- CVE-2019-1606 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1607 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1608 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1609 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1610 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1611 Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1612 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1613 Cisco NX-OS Software CLI Command Injection Vulnerability
- CVE-2019-1600 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
- CVE-2019-1602 Cisco NX-OS Software Privilege Escalation Vulnerability
- CVE-2019-1616 Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
- CVE-2019-1601 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability
- CVE-2019-1599 Cisco NX-OS Software Netstack Denial of Service Vulnerability
- CVE-2019-1617 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability
- CVE-2019-1596 Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
- CVE-2019-1603 Cisco NX-OS Software Privilege Escalation Vulnerability
- CVE-2019-1604 Cisco NX-OS Software Privilege Escalation Vulnerability
- CVE-2019-1615 Cisco NX-OS Software Image Signature Verification Vulnerability
- CVE-2019-1597 and CVE-2019-1598 Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities
- CVE-2019-1618 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability