CVE-2022-20650, a command injection flaw that can be exploited remotely without authentication to execute arbitrary commands as root, is the most dangerous of the security vulnerabilities, with a CVSS score of 8.8. The flaw arises because user-supplied data is not properly validated, allowing an attacker to execute commands on the underlying operating system by sending a crafted HTTP POST request to the NX-API of the affected device. Cisco points out that the NX-API feature is turned off by default. This vulnerability affects Nexus 3000, 5500, 5600, 6000, and 9000 series switches that run an unpatched NX-OS software release and have the NX-API feature enabled.

The remaining three vulnerabilities could all be used to launch denial of service (DoS) attacks. The NSA-reported vulnerability affects the Cisco Fabric Services over IP (CFSoIP) feature of NX-OS. This high-severity flaw, tracked as CVE-2022-20624, exists because incoming CFSoIP packets are not adequately validated, allowing an attacker to send crafted packets to exploit it. If CFSoIP is enabled, the issue affects Nexus 3000 and 9000 series switches, as well as UCS 6400 series fabric interconnects (the feature is disabled by default). The NSA has not disclosed any further information about the vulnerability.

Another DoS flaw, in the NX-OS rate limiter for Bidirectional Forwarding Detection (BFD) traffic, is tracked as CVE-2022-20623, and it can be exploited remotely, without authentication, to cause BFD traffic to be dropped. Only switches in the Nexus 9000 series running standalone NX-OS are affected. The issue arises from a logic error in the BFD rate limiter functionality, and it could be exploited by sending a crafted stream of traffic through the vulnerable device, causing IPv4 and IPv6 traffic to be dropped and resulting in a DoS condition.

Cisco also announced the availability of an additional fix for CVE-2021-1586, a vulnerability in the Multi-Pod or Multi-Site network configuration for Nexus 9000 series switches in Application Centric Infrastructure (ACI) mode, which it first addressed in August 2021. The vulnerability exists because TCP traffic sent to a specific port is not properly sanitized, allowing an attacker to send crafted data. Cisco advises users to update their devices to the most recent releases, which were provided as part of the semiannual FXOS and NX-OS security release in February 2022. According to the company, none of these issues have been exploited in attacks.
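
Two of the flaws above only apply when an optional feature is switched on, so a first triage step is to check saved running-configs for it. The following is an added example, not Cisco's or the article's code; it assumes the standard NX-OS configuration lines `feature nxapi` and `cfs ipv4 distribute` / `cfs ipv6 distribute`, and the function names and sample config are constructed for illustration.

```python
import re

# CVE -> (feature named in the article, config line assumed to enable it,
#         affected series as listed in the article)
PRECONDITIONS = {
    "CVE-2022-20650": ("NX-API", r"feature\s+nxapi",
                       {"3000", "5500", "5600", "6000", "9000"}),
    "CVE-2022-20624": ("CFSoIP", r"cfs\s+ipv[46]\s+distribute",
                       {"3000", "9000", "UCS 6400"}),
}

def enabled(config: str, pattern: str) -> bool:
    """True if the last matching line enables the feature (a later 'no ...' wins)."""
    state = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("!"):          # NX-OS comment line
            continue
        m = re.fullmatch(rf"(no\s+)?{pattern}", line)
        if m:
            state = m.group(1) is None    # 'no <cmd>' turns the feature off
    return state

def exposure(series: str, config: str) -> list[str]:
    """CVEs whose platform and feature preconditions both hold for this device."""
    return [cve for cve, (_, pattern, affected) in PRECONDITIONS.items()
            if series in affected and enabled(config, pattern)]

# Constructed running-config excerpt: NX-API is enabled, then disabled again.
SAMPLE = """\
! constructed sample, not from a real device
hostname lab-n9k
feature nxapi
no feature nxapi
cfs ipv4 distribute
"""

if __name__ == "__main__":
    for cve in exposure("9000", SAMPLE):
        print(cve, "precondition present: compare the running release "
                   "with Cisco's advisory")
```

A hit only means the feature precondition is met; whether the device is actually vulnerable still depends on the installed release, which has to be compared against Cisco's advisory.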