02-24-2021 07:10 PM
FYI, the Security Advisory regarding this bug (cisco-sa-3000-9000-fileaction-QtLzDRy2) contains ambiguous information. The Affected Products section says:
If the command returns output, as shown in the following example, the device is vulnerable:
nexus# show sockets connection | include 9075
tcp LISTEN 0 32 * : 9075
One possible interpretation is that if the command returns any output, the device is vulnerable. However, as I confirmed with TAC and with my own portscan (against patched and unpatched devices), the device is no longer vulnerable when (after patching) the fifth column of output has changed from * to *%veobc. This indicates that the service is now listening on internal-facing interfaces only.
I hope this saves you some time by addressing the concern I had.
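The check described in the post above, as an added example that is not part of the original thread or of the Cisco advisory: a small parser for `show sockets connection | include 9075` output that applies the interpretation jrenken gives (a bare `*` in the local-address column means the listener is bound to all interfaces, `*%veobc` means it is bound to the internal veobc interface only). The column layout assumed here (protocol, state, two queue counters, then `address : port`) and the sample outputs are my own construction, not captured from a device.

```python
"""Classify NX-OS `show sockets connection | include 9075` output.

Added example, not from the Cisco Community post or the advisory.
Interpretation encoded: local address `*` on TCP 9075 in LISTEN state is
reachable from outside the switch (vulnerable); `*%veobc` is bound to the
internal veobc interface only (patched). The sample outputs below are
constructed, not copied from a real device.
"""
import re

PORT = 9075

# Constructed sample output, before and after the SMU, following the
# spacing seen in the forum post ("* : 9075" with spaces around the colon).
UNPATCHED = "tcp LISTEN 0 32 * : 9075\n"
PATCHED = "tcp LISTEN 0 32 *%veobc : 9075\n"

# Local-address/port field, printed either as "*:9075" or "* : 9075".
_ADDR_PORT = re.compile(r"^(?P<addr>\S+?)\s*:\s*(?P<port>\d+)$")


def parse_sockets(output: str):
    """Yield (proto, state, local_addr, port) for each socket line.

    Assumed layout: proto, state, recv-q, send-q, then the address/port
    field (which may be split over several whitespace-separated tokens).
    Lines that do not fit that layout are skipped.
    """
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state = fields[0], fields[1]
        rest = " ".join(fields[4:])
        m = _ADDR_PORT.match(rest)
        if not m:
            continue
        yield proto, state, m.group("addr"), int(m.group("port"))


def classify(output: str) -> str:
    """Return 'vulnerable', 'patched', 'unrecognized' or 'not-listening'.

    'vulnerable'   : a TCP LISTEN socket on PORT is bound to the bare `*`.
    'patched'      : every TCP LISTEN socket on PORT is bound to `*%veobc`.
    'unrecognized' : some other binding; inspect by hand (and portscan).
    """
    addrs = [
        addr
        for proto, state, addr, port in parse_sockets(output)
        if proto == "tcp" and state == "LISTEN" and port == PORT
    ]
    if not addrs:
        return "not-listening"
    if any(addr == "*" for addr in addrs):
        return "vulnerable"
    if all(addr == "*%veobc" for addr in addrs):
        return "patched"
    return "unrecognized"


if __name__ == "__main__":
    for label, sample in (("before SMU", UNPATCHED), ("after SMU", PATCHED)):
        print(f"{label}: {classify(sample)}")
```

Paste the real command output into `classify()` in place of the constructed samples; the post's own advice still stands that an nmap scan of TCP 9075 from a host outside the switch is the final confirmation, because this parser only reads what the device reports about its own bindings.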
03-01-2021 08:48 AM
Hi jrenken
Based on your discussion with the TAC engineer and your lab test, does this SMU require a reload?
Thanks
Pichet
03-01-2021 06:51 PM
Hi, Pichet,
We determined that a reload is not required: the output changed to *%veobc, and I confirmed with nmap that the vulnerable service was no longer available to hosts outside of the switch itself. The TAC engineer had first thought that a reload might be required, but then verified in the TAC lab that it was not.