Skip to content

Vulnerability in Cisco Nexus Switches Could Cause Network Failure

Recently, in the field of cybersecurity, information has spread about a serious vulnerability discovered in Cisco Nexus 3000 and 9000 series switches. This vulnerability could allow attackers to disrupt network operations, causing a Denial-of-Service (DoS) condition.

This vulnerability is linked to the health monitoring diagnostics of the switches and results from improper handling of specific Ethernet frames. Attackers can exploit this flaw without authentication by sending specially crafted Ethernet packets to the affected device. This can lead to device reboots, disrupting network operations and preventing users from accessing critical services.

According to Cisco’s official security report, the following devices may be impacted by this vulnerability:

  • Nexus 3100 Series Switches
  • Nexus 3200 Series Switches
  • Nexus 3400 Series Switches
  • Nexus 3600 Series Switches
  • Nexus 9200 Series Switches (only in NX-OS standalone mode)
  • Nexus 9300 Series Switches (only in NX-OS standalone mode)
  • Nexus 9400 Series Switches (only in NX-OS standalone mode)

Other Cisco products, including Firepower and MDS series devices, are not affected by this vulnerability.

Exploitation of the vulnerability may cause repeated failures in the following diagnostic tests on affected switches:

  • L2ACLRedirect test failure
  • RewriteEngineLoopback test failure

Additionally, the following messages may appear in system logs:

  • L2ACLREDIRECT_LOOPBACK_TEST_FAIL
  • REWRITE_ENGINE_LOOPBACK_TEST_FAIL

If a switch reboots due to these errors and the reason is logged as Kernel Panic, it may indicate a potential exploitation of this vulnerability.

Cisco has released software updates to address this vulnerability. Customers are advised to take the following actions:

  1. Update the software: Download and install the latest Cisco NX-OS updates through official update channels.
  2. Check Cisco Security Advisory: Review Cisco’s security recommendations to determine the necessary updates for specific devices.
  3. Use the Cisco Software Checker tool: This tool helps determine if your Cisco products are affected by this vulnerability.
  4. Enhance network monitoring: Regularly check system logs and respond promptly to suspicious activities.

At this time, Cisco has not received any reports of real-world attacks or public exploitation of this vulnerability. The issue was discovered during internal security testing.

IT security professionals are strongly advised to implement the recommended measures immediately to safeguard their networks. Any vulnerability in network infrastructure can lead to significant disruptions and financial losses for large enterprises and institutions. Following Cisco’s security recommendations and applying updates in a timely manner can minimize the risk of exploitation.