Multiple Vulnerabilities Found in Cisco Products, Leading to Remote Denial of Service

In a recent security advisory by CERT-FR, it has been revealed that several vulnerabilities have been discovered in Cisco products. These vulnerabilities could potentially be exploited by malicious actors to initiate remote denial-of-service attacks, causing disruption and unavailability of affected systems.

The vulnerabilities were identified in various Cisco products, including Unified Computing System (UCS), Firepower series, and Nexus switches. The affected systems include:

  • UCS versions prior to 4.1(3l)
  • UCS versions 4.2(x) prior to 4.2(3b)
  • UCS versions 4.2(x) prior to 4.2(3d) for Cisco UCS 6324 Fabric Interconnects
  • Firepower 4100 series without the latest security patch
  • Firepower 9300 Security Appliances without the latest security patch
  • Nexus 3000 and 9000 series switches with versions 9.3(11), 10.2(5), and 10.3(2) without the latest security patch

These vulnerabilities could allow an attacker to trigger remote denial-of-service attacks, leading to service disruptions and potential downtime.

Cisco has released security advisories for each of the identified vulnerabilities, and users of the affected products are strongly urged to apply the necessary patches to mitigate the risks. The security advisories contain detailed information about the vulnerabilities, their impact, and the recommended actions to be taken.

For more information and to obtain the required patches, please refer to the following Cisco security advisories:

  1. Cisco Security Advisory cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO (August 23, 2023) Advisory Link: cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO
  2. Cisco Security Advisory cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb (August 23, 2023) Advisory Link: cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb
  3. Cisco Security Advisory cisco-sa-nxos-remoteauth-dos-XB6pv74m (August 23, 2023) Advisory Link: cisco-sa-nxos-remoteauth-dos-XB6pv74m