How To Fix CVE-2022-20650- The New RCE Vulnerability In Cisco Switches?

Cisco has published advisory for three high severity and one medium severity vulnerability. Successful exploitation of the vulnerabilities could take over the vulnerable Cisco appliances. The flaws CVE-2022-20650 with a base score of 8.8 is the most critical vulnerability among the four, which allows an authenticated, remote attacker to execute arbitrary commands with root privileges. We recommend all the Cisco Switch owners to read this post that tells how to fix CVE-2022-20650- the new Remote Code Execution RCE vulnerability in Cisco Switches.

List Of Other Vulnerabilities Disclosed In Cisco Switches Are:

  1. CVE-2022-20650
  2. CVE-2022-20623
  3. CVE-2022-20624
  4. CVE-2022-20625

Summary Of CVE-2022-20650:

This is the most critical vulnerability on the list. This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges. The flaw is due to improper validation of user input data sent to the NX-API in Cisco NX-OS Software. This is an easily exploitable flaw. Attackers can exploit the flaw just by sending a crafted HTTP POST request to the NX-API of an affected Cisco Switch. 

Cisco Switches Affected By CVE-2022-20650:

The flaw affects these Switch models running these vulnerable Cisco NX-OS Software with enabled NX-API feature.

Cisco Switcher Not-Affected By CVE-2022-20650:

Cisco clearly says that these models are safe and not affected by the CVE-2022-20650 flaw. Owners of these models can ignore the vulnerability.

  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9300 Security Appliances
  • MDS 9000 Series Multilayer Switches
  • Nexus 1000 Virtual Edge for VMware vSphere
  • Nexus 1000V Switch for Microsoft Hyper-V
  • Nexus 1000V Switch for VMware vSphere
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  • UCS 6200 Series Fabric Interconnects
  • UCS 6300 Series Fabric Interconnects
  • UCS 6400 Series Fabric Interconnects
See also  How to Start Preparing for CISSP? What Resources Are to be Used for CISSP Preparation?

How To Fix CVE-2022-20650- The New RCE Vulnerability In Cisco Switches?

Since the CVE-2022-20650 vulnerability is in the NX-API feature of Cisco NX-OS Software, the best and quick solution is to disable the NX-API on the devices. We recommend all the users of the affected devices update the Cisco NS-OS to the latest available version as Cisco has acknowledged the vulnerability by releasing the free software updates. 

NX-API Feature is enabled by default for local access and disabled by default for remote HTTP access on all the devices. In case you want to check the status of NX-API Feature in the Cisco Switches, just run this simple command show feature | include nxapi on the command line interface.

nxos# show feature | include nxapi
nxapi                1        enabled

Go Through These Basic NX-API Commands For Your Reference:

feature nxapiEnables NX-API.
no feature nxapiDisables NX-API.
nxapi {http | httpsport portSpecifies a port.
no nxapi {http | https}Disables HTTP/HTTPS.
show nxapiDisplays port and certificate information.

Please find the full list of NX-API commands with configuration examples here.

See Also 5 Best Download Managers for Windows 10/11

Leave a Reply

Your email address will not be published. Required fields are marked *