Cisco's latest semiannual security advisory bundle discloses vulnerabilities demanding immediate attention. The advisory, released on February 29, 2024, highlights four vulnerabilities, including two high-severity flaws in the NX-OS software.
The first high-severity bug, identified as CVE-2024-20321, exposes a vulnerability in External Border Gateway Protocol (eBGP) traffic. An unauthenticated, remote attacker can exploit this flaw to trigger a denial-of-service (DoS) condition by flooding the network with excessive traffic. The impacted devices include Nexus 3600 series switches and Nexus 9500 R-series line cards.
The second high-severity issue, tracked as CVE-2024-20267, arises from inadequate error checking during the processing of ingress MPLS frames. An unauthenticated, remote attacker can use a crafted IPv6 packet encapsulated in an MPLS frame to induce a DoS condition. This vulnerability affects various Nexus series switches with MPLS configured.
Cisco also addressed two medium-severity flaws in its FXOS and NX-OS software. The first involves a Link Layer Discovery Protocol (LLDP) frame, potentially allowing an attacker to crash the LLDP service on the affected device. The second, affecting Nexus 3000 and 9000 series switches, enables remote, unauthorized entities to bypass ACL protections.