February 29, 2024 at 07:57AM
Cisco released its semiannual FXOS and NX-OS security advisory bundle, which includes info on four vulnerabilities. Two high-severity flaws impact NX-OS software: CVE-2024-20321 allows remote attackers to perform a DoS attack, while CVE-2024-20267 could cause a DoS condition. Medium-severity flaws in FXOS and NX-OS software were also patched. Additional details are available on Cisco’s security advisories page.
Key takeaways from the meeting notes on Cisco’s semiannual security advisory bundle:
– Four vulnerabilities disclosed, including two high-severity flaws in NX-OS software.
– The high-severity bugs (CVE-2024-20321 and CVE-2024-20267) could lead to denial-of-service conditions for unauthenticated, remote attackers.
– Vulnerable product IDs and impacted Cisco Nexus series switches are detailed.
– NX-OS software versions 9.3(12), 10.2(6), and 10.3(4a) address these vulnerabilities.
– Additionally, patches for two medium-severity flaws in FXOS and NX-OS were announced, along with a fifth vulnerability affecting UCS 6400 and 6500 series fabric interconnects.
– Cisco emphasizes that there is no evidence of these vulnerabilities being exploited in attacks yet.