CVE-2022-20650, a command injection flaw that may be exploited remotely without authentication to execute arbitrary commands as root, is the most serious of the security vulnerabilities, with a CVSS score of 8.8. The flaw arises because user-supplied data isn't properly validated, allowing an attacker to execute commands on the operating system by sending a crafted HTTP POST request to the NX-API feature on the affected device. Cisco points out that the NX-API feature is turned off by default. This vulnerability affects Nexus 3000, 5500, 5600, 6000, and 9000 series switches that run an unpatched NX-OS software release and have the NX-API feature enabled.

The remaining three vulnerabilities could all be exploited to cause a denial of service (DoS). The NSA's vulnerability affects NX-OS' Fabric Services over IP (CFSoIP) feature. This high-severity flaw, tracked as CVE-2022-20624, exists because incoming CFSoIP packets aren't adequately validated, allowing an attacker to send crafted packets to exploit it. If CFSoIP is enabled, the issue affects Nexus 3000 and 9000 series switches, as well as UCS 6400 series fabric interconnects (the feature is disabled by default). The NSA hasn't disclosed any other information regarding the vulnerability.

Another DoS flaw, in NX-OS's rate limiter for Bidirectional Forwarding Detection (BFD) traffic, has been identified as CVE-2022-20623, and it can be exploited remotely, without authentication, to cause BFD traffic to be dropped. Only switches in the Nexus 9000 series running standalone NX-OS are affected. The issue arises from a logic error in the BFD rate limiter functionality, and it might be exploited by sending a crafted stream of traffic through the vulnerable device, causing IPv4 and IPv6 traffic to be dropped and resulting in a DoS condition.
Cisco also announced the availability of an additional fix for CVE-2021-1586, a DoS vulnerability in the Multi-Pod or Multi-Site network configuration for Nexus 9000 series switches in Application Centric Infrastructure (ACI) mode, which it first addressed in August 2021. The vulnerability exists because TCP traffic delivered to a specific interface is not properly sanitized, allowing an attacker to submit crafted data. Cisco advises users to update their devices with the most recent releases, which were provided as part of the Semiannual FXOS and NX-OS security release in February 2022. According to the company, none of these issues have been used in attacks.
Cisco Announced Four Vulnerabilities in Its FXOS and NX-OS Network Operating Systems (Cybers Guards)