Cisco Patches Critical Vulnerabilities in Enterprise Switches


Cisco this week patched two vulnerabilities in NX-OS, the software that runs its Nexus-series commercial switches.

The first of these problems, tracked as CVE-2022-20823, affects the OSPF version 3 (OSPFv3) feature of NX-OS and could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition. Because input validation of some OSPFv3 packets is incomplete, an attacker can trigger the bug by sending a malicious OSPFv3 link-state advertisement (LSA) to a vulnerable device.

The tech giant adds that the OSPFv3 feature is disabled by default and that an attacker who can “create a full OSPFv3 neighbor state with an affected device” will be able to exploit the vulnerability.
