Over the past week, we’ve seen Cisco publish a number of security advisories covering 29 vulnerabilities which affect Cisco NX-OS and four vulnerabilities which affect FXOS. Although there are not yet any reported active attacks leveraging these vulnerabilities, it’s crucial to be aware if any of these vulnerabilities exist within your network.
What Risks do Cisco’s NX-OS and FSOX Vulnerabilities Pose?
Cisco NX-OS is the operating system of Cisco’s Nexus and MDS series switches common in large data centers, and FSOX is the operating system of Cisco Firepower, a next-generation firewall used in many enterprise environments. Because these vulnerabilities are related to network devices, they should be monitored very closely: If an attacker is able to take control of either, it not only means that they will be able to access all incoming and outgoing network traffic, but also undermine an entire layer of security enforcement within the network, potentially allowing for configuration changes that could enable lateral movement, exfiltration, etc.
Cisco NX-OS and FSOX Vulnerabilities Undetectable by Scanners
As network devices run code, they will always be susceptible to vulnerabilities, just like any other piece of software. And network device vulnerabilities are certainly not uncommon.
The difficulty with the vulnerabilities on network devices is that such devices are made to resist reconnaissance activity as a safeguard against attackers attempting to probe the device. Unfortunately, active vulnerability scans are viewed as reconnaissance, and the device doesn’t give up any information as to the vulnerabilities it may host. Which is where the problem lies: If you’re not alerted to the fact that there are vulnerabilities which can cause major damage within your environment, you’re powerless to take any serious preventative measures.
How Skybox Can Help
Skybox not only manages these devices in terms of policy compliance in the infrastructure, but it can also discover vulnerabilities on Cisco NX-OS without an active scan.
In most environments, Skybox is importing the configuration of the device in order to build a network model or provide compliance assurance. When processing the configuration data, we also pick up the version of the operating system. With this information, we can compare it to our Vulnerability Dictionary of known vulnerabilities, their preconditions, exploitability, solutions, etc. and determine the occurrence of a device vulnerability.
Vulnerabilities occurrences on network devices are centralized with results from other active and scanless vulnerability assessments and prioritized based on a variety of factors, including asset role and value, exploit availability and activity in the wild, and exposure within the network. Remediation of exploited and exposed vulnerabilities is given top priority, and Skybox provides intelligence on available patches as well as network-based mitigation such as IPS signatures and firewall or configuration changes.
To learn more about Skybox’s unique approach to vulnerability management, check out our e-book here.
Cisco ASA Vulnerabilities See POC and Active Exploits: In July 2018, Cisco confirmed limited exploitation in the wild of a Cisco ASA flaw
Hackers Disrupt Critical Infrastructure Network Using Cisco Smart Install Flaw: 200,000 were affected worldwide by a Cisco Smart Install Client vulnerability – read how Cisco reacted and see what happened next