During testing of the Cisco Nexus 7000 series switch I identified a high impact (CVSS8.8) vulnerability within the OS which also formed the basis of my talk at Bsides Manchester.
Note that the views are my own and don’t represent my employer.
TL:DR
I identified a vulnerability in the Cisco NX-OS data centre switch range that as executed is a CVSS 8.8 against the Cisco NX-OS data centre switches.
I have worked with Cisco between Feb and Oct 2017 to get the vulnerabilities resolved and followed a coordinated disclosure approach. However Cisco have decided that the vulnerabilities identified are not as severe, a point on which we disagree. This post outlines the details of the exploit now that is had a published fix and how the chained set of vulnerabilities identified has an impact.
The nature of the vulnerabilities discovered in February 2017 were so fundamental to the way the software operates that the fix required a major code re-write. It took the vendor 222 days from the vulnerability being reported to it being fixed and updated, with software being published on the version 8 code branch. A recommended mitigation was shared: