Hello All,

Curious if anyone from Cisco can chime in here and provide some clarity. My org has Nexus 3048 switches that fall under this bug.

Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability

• This link provides information that speaks to all Nexus 3K and 9K switches are vulnerable regardless of device configuration. It doesn’t give a listing of specific 3K/9K models, as the wording speaks to inclusion of all models.
• Contrast that information against Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability where we see them list out specific platforms in the 3K/9K series that are vulnerable

CSCwm09739

• This Bug ID is associated with the fist link
• It does NOT provide any fixed code release info that applies to the 3048 switches. All code releases are only applicable to the 9K and 3524
• All affected code releases for the 3048 include all known releases of the 3K series; up to 9.3.14(M) released Sept 2024 & starred release 9.3.13 from December 2023
• This leaves us no code release to consider for the 3K series per everything Cisco is providing.
  
  

Does anyone know what to do here? Everything provided states that the 3K series is vulnerable to a bug ID that doesn't provide any fixed release information. I revisited the bug ID url today and see that there haven't been any further updates. As it stands this looks like there isn't any code release that is safe to run on the 3K. 

Kind regards,

Brian