Tech firm Cisco has discovered 24 new vulnerabilities in many home switches, firewalls, and security appliances, less than a month after it reported a malware attack on a range of routers.
Cisco on Tuesday, June 20 said it had released security updates on a variety of products that run on its NX-OS and FXOS software after the new batch of vulnerabilities were discovered. Of the 24 security flaws, 19 were classified as "critical" and 5 were "high." None of these affected Cisco's IOS and IOS XE software.
These flaws were intercepted during the internal security testing and there has been no indication of exploitation, according to the company.
"Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, execute arbitrary commands, gain access to sensitive information, or cause a denial of service (DoS) condition on an affected device," the Cisco report stated.
Crafted network packets and messages could be used to conduct these malicious activities.
The security updates were rolled out to the following products:
- MDS 9000 Series Multilayer Switches
- Nexus 2000 Series Fabric Extenders
- Nexus 1000V/2000/3000/4000/6000/7000/7700 Series Switches
- Nexus 1100 Series Cloud Services Platforms
- Nexus 3500/3600/5500/5600 Platform Switches
- Nexus 9000 Series Switches in standalone NX-OS mode and in Application Centric Infrastructure (ACI) mode
- Nexus 9500 R-Series Line Cards and Fabric Modules
- Firepower 2100 Series
- Firepower 4100 Series Next-Generation Firewalls
- Firepower 9300 Security Appliance
- MDS 9000 Series Multilayer Switches
- UCS 6100/6200/6300 Series Fabric Interconnects
Products that are no longer supported by Cisco cannot receive the said security updates.
In May, the company's security team Talos found more than 500,000 routers from different manufacturers were strained by the Russia-linked VPNFilter malware. It turned out early this month that the situation is far from worse as more routers were discovered to have been compromised. Cisco advised to factory reset the enlisted routers and then upgrade their firmware.
