High-Severity DoS Flaw Patched In Cisco NX-OS Software - آپا
- 04 Sep 2024
- News Code: 2528184
A serious denial of service (DoS) flaw affected the Cisco NX-OS software. Cisco patched the vulnerability with the latest software release and urged users to update.

Severe DoS Flaw Affected Cisco NX-OS Software

Cisco recently addressed a high-severity denial of service security flaw affecting NX-OS software. NX-OS is the operating system running on Cisco Nexus data center switches.

According to Cisco’s advisory, the vulnerability affected NX-OS Software’s DHCPv6 relay agent. Identified as CVE-2024-20446, it received a high severity rating and a CVSS score of 8.6. The flaw appeared “due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message.” A remote, unauthenticated attacker could exploit the flaw to trigger a denial of service on the target device by sending maliciously crafted DHCPv6 packets to a device’s IPv6 address.

Regarding the affected devices, Cisco mentioned the “Nexus 3000 and 7000 Series Switches and Nexus 9000 Series Switches in standalone NX-OS mode” as vulnerable products. However, the vulnerability applies only under the following conditions:

- Cisco NX-OS Software Release 8.2(11), 9.3(9), or 10.2(1) is running on the device.
- The DHCPv6 relay agent is enabled (it is disabled by default).
- At least one IPv6 address is configured.

Cisco also shared a list of all devices unaffected by this vulnerability in its advisory.

Cisco Patched The Vulnerability With Latest OS Release

The networking giant confirmed that no workarounds exist to address this flaw. As a temporary mitigation, Cisco advises users to disable the DHCPv6 relay agent on their devices using the "no ipv6 dhcp relay" configuration command at the device CLI. Nonetheless, users may receive a full patch for their devices by updating to the latest NX-OS release, which carries the respective vulnerability fix.
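The three conditions above, written as a triage check over saved running-config text. This is an added example, not code from Cisco or from the article. The function name assess, the sample configurations and the assumed line formats (a top-level "version" line, a global "ipv6 dhcp relay" line, indented "ipv6 address" lines under "interface") are assumptions, and the conditions are treated as jointly required.

```python
import re

# Releases the article lists as vulnerable (copied from the page, not extended).
AFFECTED_RELEASES = {"8.2(11)", "9.3(9)", "10.2(1)"}

# Constructed sample in running-config style; the line formats are assumptions.
SAMPLE_EXPOSED = """\
version 9.3(9)
feature dhcp
ipv6 dhcp relay
interface Ethernet1/1
  ipv6 address 2001:db8:0:1::1/64
  ipv6 dhcp relay address 2001:db8:0:2::10
"""
# Same constructed device after the temporary mitigation named in the article.
SAMPLE_MITIGATED = SAMPLE_EXPOSED.replace("\nipv6 dhcp relay\n", "\nno ipv6 dhcp relay\n")

def assess(config_text):
    """Evaluate the article's three exposure conditions against config text."""
    release, relay_enabled, ipv6_interfaces, current_if = None, False, [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and comments
        text = line.strip()
        if not line[0].isspace():  # top-level statement ends any interface block
            current_if = None
            m = re.match(r"version\s+(\S+)", text)
            if m:
                release = m.group(1)
            elif text == "ipv6 dhcp relay":
                relay_enabled = True  # "no ipv6 dhcp relay" never matches here
            elif text.startswith("interface "):
                current_if = text.split(None, 1)[1]
        elif current_if and re.match(r"ipv6 address\s+\S+", text):
            if current_if not in ipv6_interfaces:
                ipv6_interfaces.append(current_if)
    conditions = {
        "affected_release": release in AFFECTED_RELEASES,
        "dhcpv6_relay_enabled": relay_enabled,
        "ipv6_address_configured": bool(ipv6_interfaces),
    }
    return {"release": release, "ipv6_interfaces": ipv6_interfaces,
            "conditions": conditions, "exposed": all(conditions.values())}

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("mitigated", SAMPLE_MITIGATED)):
        print(name, assess(cfg))
```

A release outside the article's list only means this check does not flag it; Cisco's advisory remains the authority on which releases carry the fix.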
References:
https://latesthackingnews.com/2024/09/02/high-severity-dos-flaw-patched-in-cisco-nx-os-software/