Cisco asks Nexus switch users to disable some features, citing security reasons

The company will release new firmware for Nexus in which the POAP function is completely disabled

For security reasons, Cisco has asked users of its Nexus switches to disable the PowerOn Auto Provisioning (POAP) function, according to network security and ethical hacking experts from the International Institute of Cyber Security. This feature is enabled by default on Cisco operating systems.

POAP is a complementary function for the deployment and configuration of a Nexus device, the network security experts note.

This function is enabled when a local configuration script is verified; if the script has been removed, the switch will be reset to its factory settings, and POAP will connect to a list of predefined servers to download an initial configuration file. To begin this process, the switch must obtain an IP address from a local DHCP server.

Cisco identified the problem at this stage of the process. According to the company, the POAP function on Nexus switches automatically accepts the first DHCP response it receives. According to network security experts, a threat actor could send malicious DHCP responses to hijack a switch's POAP configuration and make it download and execute scripts from attacker-controlled servers.

This vulnerability does not compromise a device directly, but it can serve as an important foothold for attackers who have compromised an internal network and want to reach other devices.

That's why Nexus users have been asked to disable this function, to prevent exploitation of this attack vector.
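Because POAP trusts the first DHCP response it sees, a defender can audit DHCP traffic captured on the provisioning network for offers that come from an unexpected server or point the switch at an unexpected file host. The following Python code is an added example, not Cisco's code or part of the original article; it assumes the provisioning host and script name are carried in DHCP options 66/150 and 67, and the allowlisted addresses and the `sample_offer` helper are constructed for illustration.

```python
from socket import inet_aton, inet_ntoa

# Constructed site policy: the only hosts allowed to answer DHCP and serve POAP files.
ALLOWED_DHCP = {"10.0.0.5"}
ALLOWED_TFTP = {"10.0.0.6"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP payload (UDP data only)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def audit_offer(payload):
    """List policy violations in one DHCPOFFER; other message types return []."""
    opts = parse_options(payload)
    if opts.get(53) != b"\x02":                      # option 53 = message type, 2 = OFFER
        return []
    findings = []
    server = inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else "unknown"
    if server not in ALLOWED_DHCP:                   # option 54 = server identifier
        findings.append(f"offer from unapproved DHCP server {server}")
    tftp = [opts[66].decode("ascii", "replace")] if 66 in opts else []
    raw150 = opts.get(150, b"")                      # option 150 = list of TFTP addresses
    tftp += [inet_ntoa(raw150[j:j + 4]) for j in range(0, len(raw150) - 3, 4)]
    name = opts.get(67, b"").decode("ascii", "replace")
    findings += [f"unapproved provisioning host {h} (bootfile {name!r})"
                 for h in tftp if h not in ALLOWED_TFTP]
    return findings

def sample_offer(server, tftp, bootfile):
    """Constructed sample payload: zeroed BOOTP header plus options 53, 54, 66, 67."""
    body = bytes([2]) + bytes(235) + MAGIC + bytes([53, 1, 2, 54, 4]) + inet_aton(server)
    for code, text in ((66, tftp), (67, bootfile)):
        body += bytes([code, len(text)]) + text.encode()
    return body + b"\xff"
```

Feed `audit_offer` the UDP payload of each captured DHCP server-to-client message; an empty list means the offer matches the allowlists.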

The company released a series of updates for the vulnerable Nexus models in order to disable the function. In its security announcement, Cisco gives some details about the use of the new terminal and also lists the vulnerable Nexus switch models.

Finally, in addition to the firmware updates, Cisco released patches for 30 vulnerabilities, 7 of them considered critical. The company claims that there are no known cases of these vulnerabilities being exploited in the wild.