On February 24, 2020, the Cisco PSIRT published eleven (11) vulnerabilities in Cisco FXOS and NX-OS Software. Eight (8) out of the eleven (11) vulnerabilities were found by our internal security and engineering teams, two were found by TAC during the troubleshooting of service requests, and one was found by Jens Krabbenhoeft of Rauscher networX. The following table lists all of the vulnerabilities. These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
Software Checker and Automation
As you probably already know, the Cisco IOS Software Checker is now referred to as the Cisco Software Checker to reflect new search capabilities for Cisco NX-OS Software and Cisco NX-OS Software in ACI Mode. Functionality for IOS and IOS XE remains as before. The new search capabilities for Cisco NX-OS Software allows examination of vulnerabilities that were announced on or after July 1, 2019.
This new functionality is also extended to the Cisco PSIRT openVuln API.