
Cisco NX-OS IP in IP Packet Processing Vulnerability for UCS 6200 series fiber interconnect?

lasdcisco
Level 1

Is anyone aware of this issue? Here's the link for it:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4 

 

Apparently 6200 and 6300 series FI are affected by this as well. Has anyone gone through remediation for this security vulnerability?  

1 Reply

Kirk J
Cisco Employee

To be clear, the FIs are vulnerable only under certain circumstances:

"Cisco UCS Fabric Interconnects are affected only when NetFlow monitoring is enabled on the device and a flow exporter profile is configured with a source IP address set for the exporter interface"

 

The workaround for FIs would be to turn off NetFlow until fixed code comes out (which will be this month):

UCS 6200 and 6300 Series Fabric Interconnects: 

| Cisco UCS Software Release | First Fixed Release for This Vulnerability |
|---|---|
| Earlier than 3.2 | 3.2(3o) |
| 3.2 | 3.2(3o) |
| 4.0 | 4.0(4i) (June 2020) |
| 4.1 | 4.1(1d) (June 2020) |

 

Kirk...
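
Added example, not part of the original thread and not Cisco tooling: a small triage helper that combines the exposure condition quoted in the reply (NetFlow enabled and a flow exporter profile with a source IP set) with the first-fixed-release table. The function names, status labels and sample inventory are constructed for illustration, and it assumes that later releases in the same train also carry the fix and that patch letters sort alphabetically.

```python
import re

# First fixed release per train, copied from the table in the reply above.
FIRST_FIXED = {(3, 2): "3.2(3o)", (4, 0): "4.0(4i)", (4, 1): "4.1(1d)"}

_VER = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")

def parse(version):
    """Split a UCS release string 'X.Y(Zp)' into a sortable tuple (X, Y, Z, p)."""
    m = _VER.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised UCS release string: {version!r}")
    major, minor, maint, patch = m.groups()
    return int(major), int(minor), int(maint), patch

def triage(version, netflow_enabled, exporter_has_source_ip):
    """Return (status, first_fixed_release_or_None) for one Fabric Interconnect."""
    v = parse(version)
    train = v[:2]
    if train < (3, 2):
        fixed = FIRST_FIXED[(3, 2)]      # "Earlier than 3.2" row of the table
    else:
        fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return "unknown-train", None     # train not in the table: check the advisory
    if v >= parse(fixed):                # assumption: later releases keep the fix
        return "fixed", fixed
    if netflow_enabled and exporter_has_source_ip:
        return "exposed", fixed          # both conditions from the quoted advisory text
    return "unfixed-not-exposed", fixed  # upgrade still pending, condition not met

# Constructed inventory: (name, release, NetFlow enabled, exporter source IP set)
SAMPLE = [
    ("fi-a", "4.0(4h)", True, True),
    ("fi-b", "4.0(4i)", True, True),
    ("fi-c", "3.1(3l)", True, False),
    ("fi-d", "4.1(1c)", False, False),
]

def report(inventory):
    """Map each FI name to its triage status."""
    return {name: triage(rel, nf, src)[0] for name, rel, nf, src in inventory}

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```
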

 
