CyberSecurity SEE

Cisco NX-OS Software Vulnerability Allows for DoS Attack to be Triggered by an Attacker

A high-severity vulnerability has been discovered in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software, which could potentially allow an unauthenticated local attacker to force an affected device to unintentionally reload. The vulnerability has a CVSS score of 7.1 and has been assigned the identifier CVE-2023-20168. If successfully exploited, this vulnerability could lead to a denial-of-service (DoS) attack.

Cisco NX-OS is a network operating system used for Cisco Systems’ Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network devices. It is derived from the SAN-OS operating system developed by Cisco for their MDS switches.

Cisco has released software updates to address this vulnerability, and no workarounds are available. The affected products include MDS 9000 Series Multilayer Switches, Nexus 1000 Virtual Edge for VMware vSphere, Nexus 1000V Switch for Microsoft Hyper-V and VMware vSphere, Nexus 3000 Series Switches, Nexus 5500 and 5600 Platform Switches, Nexus 6000 Series and 7000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode.

The vulnerability arises from incorrect input validation when an authentication attempt is processed while the directed request option is enabled for TACACS+ or RADIUS. An attacker can exploit this by entering a specially crafted string at the login prompt of an affected device. This can cause an unexpected device reload, resulting in a denial-of-service (DoS) condition.

Cisco has advised organizations to check whether the directed request option is enabled for TACACS+ or RADIUS on their devices. The command “show running-config | include directed-request” displays the relevant configuration. If the output contains “tacacs-server directed-request” or “radius-server directed-request”, the device may be vulnerable.

It is important to note that this vulnerability can only be exploited over Telnet, which is disabled by default, or over the console management connection. SSH connections are not affected.
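The configuration check above, together with the Telnet note, can be applied to saved running-config output. The following is an added example written for this article, not Cisco's own tooling: it flags the directed-request lines the advisory names and whether Telnet is enabled (“feature telnet”, the NX-OS command that enables the service), using a constructed sample configuration rather than output from a real device.

```python
from typing import Dict

# Constructed sample of NX-OS "show running-config" output; not from a real device.
SAMPLE_RUNNING_CONFIG = """\
version 9.3(5)
hostname nx-lab-01
feature tacacs+
feature telnet
tacacs-server host 192.0.2.10 key 7 "placeholder"
tacacs-server directed-request
no radius-server directed-request
line vty
"""


def assess_directed_request(running_config: str) -> Dict[str, bool]:
    """Report the conditions the advisory describes for a running-config.

    directed_request_enabled: TACACS+ or RADIUS directed-request is on,
        so the SMU should be applied (the console path always exists).
    remotely_exposed: directed-request is on AND Telnet is enabled, i.e.
        the issue is reachable over the network, not only via console.
    """
    tacacs = radius = telnet = False
    for raw in running_config.splitlines():
        line = raw.strip()
        # A leading "no " explicitly disables the option; treat it as off.
        negated = line.startswith("no ")
        body = line[3:] if negated else line
        if body == "tacacs-server directed-request":
            tacacs = not negated
        elif body == "radius-server directed-request":
            radius = not negated
        elif body == "feature telnet":
            telnet = not negated
    directed = tacacs or radius
    return {
        "tacacs_directed_request": tacacs,
        "radius_directed_request": radius,
        "directed_request_enabled": directed,
        "telnet_enabled": telnet,
        "remotely_exposed": directed and telnet,
    }


if __name__ == "__main__":
    for key, value in assess_directed_request(SAMPLE_RUNNING_CONFIG).items():
        print(f"{key}: {value}")
```

A device that shows directed-request enabled but no Telnet feature still needs the update, since the console management connection remains a valid path.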

To mitigate the risk posed by this vulnerability, Cisco has published software maintenance updates (SMUs) that address the issue. Customers can obtain the SMUs from Cisco.com’s Software Center.

In conclusion, Cisco NX-OS Software contains a high-severity vulnerability that could allow an unauthenticated attacker to cause an affected device to reload unintentionally, leading to a denial-of-service condition. Cisco has released software updates to address this vulnerability and has provided guidance on identifying vulnerable configurations. Organizations using affected Cisco products are advised to apply the necessary patches to ensure the security and stability of their network infrastructure.
