Tech News
High-Severity DoS Flaw Patched In Cisco NX-OS Software
A critical denial of service (DoS) vulnerability impacted the Cisco NX-OS software used in Cisco Nexus devices. Cisco has released a software update to address this vulnerability and advises users to update their systems.
Critical DoS Vulnerability in Cisco NX-OS Software
Cisco recently fixed a high-severity denial of service vulnerability in the NX-OS software, which is the operating system powering Cisco Nexus data center switches.
According to Cisco’s advisory, the vulnerability affected the DHCPv6 relay agent in NX-OS Software, identified as CVE-2024-20446 with a CVSS score of 8.6.
The vulnerability was caused by improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this flaw remotely by sending malicious DHCPv6 packets to a device’s IPv6 address without authentication, leading to a denial of service.
Cisco explained in its advisory how the DoS attack could occur:
A successful exploit could cause the dhcp_snoop process to crash and restart multiple times, leading to the affected device reloading and resulting in a DoS condition.
The affected devices include Nexus 3000 and 7000 Series Switches and Nexus 9000 Series Switches in standalone NX-OS mode running software releases 8.2(11), 9.3(9), or 10.2(1) with the DHCPv6 relay agent enabled and at least one configured IPv6 address.
Cisco also provided a list of devices unaffected by this vulnerability in the advisory.
Cisco Fixes Vulnerability in Latest OS Release
Cisco confirmed that there are no workarounds to address this vulnerability. As a temporary measure, users are advised to disable the DHCPv6 relay agent using the no ipv6 dhcp relay
command in the device CLI.
Users can permanently patch their devices by updating to the latest NX-OS release, which includes the fix for this vulnerability.
We welcome your thoughts and comments below.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend