Fixes have been released by Cisco to address several vulnerabilities impacting its NX-OS software, the most crucial of which is the high-severity flaw within the software's DHCPv6 relay agent, tracked as CVE-2024-20446, reports SecurityWeek.
Attackers could leverage the issue — which impacts Nexus 3000, 7000, and 9000 series switches with vulnerable NX-OS versions with DHCPv6 activated and are in standalone NX-OS mode — to facilitate continuous crashes of the dhcp_snoop process and a denial-of-service condition, according to Cisco. Also patched by Cisco were half a dozen other medium severity bugs, including three of sandbox escape issues within NX-OS's Python interpreter, which could be exploited for operating system compromise; two others could be leveraged for privilege escalation and code execution; and a command injection vulnerability in the platform's CLI. Cisco also patched a pair of medium-severity Application Policy Infrastructure Controller flaws. No active exploitation has been observed for any of the addressed security issues.