cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Multiple Vulnerabilities in Cisco FXOS and NX-OS Software

736
Views
5
Helpful
0
Comments
Cisco Employee

On February 24, 2020, the Cisco PSIRT published eleven (11) vulnerabilities in Cisco FXOS and NX-OS Software. Eight (8) out of the eleven (11) vulnerabilities were found by our internal security and engineering teams, two were found by TAC during the troubleshooting of service requests, and one was found by  Jens Krabbenhoeft of Rauscher networX. The following table lists all of the vulnerabilities. These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.

Security Advisory Security Impact Rating CVE-ID
Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability High CVE-2020-3173
High CVE-2020-3168
Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability High CVE-2020-3175
Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability High CVE-2020-3167
Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability High CVE-2020-3171
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability High CVE-2020-3172
Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability Medium CVE-2020-3165
Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability Medium CVE-2020-3174
Cisco NX-OS Software NX-API Denial of Service Vulnerability Medium CVE-2020-3170
Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability Medium CVE-2020-3166
Cisco FXOS Software CLI Command Injection Vulnerability Medium CVE-2020-3169

 

Software Checker and Automation

As you probably already know, the Cisco IOS Software Checker is now referred to as the Cisco Software Checker to reflect new search capabilities for Cisco NX-OS Software and Cisco NX-OS Software in ACI Mode. Functionality for IOS and IOS XE remains as before. The new search capabilities for Cisco NX-OS Software allows examination of vulnerabilities that were announced on or after July 1, 2019. 

This new functionality is also extended to the Cisco PSIRT openVuln API.