cisco-sa-fxos-nxos-cfs-dos-dAmnymbd: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
First published: Wed Aug 26 2020(Updated: )
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd This advisory is part of the August 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes seven Cisco Security Advisories that describe seven vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: August 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FXOS Software | =2.2<2.2.1.70=2.1<2.1.1.86=2.0<2.0.1.153=1.1<1.1.4.179 | 2.2.1.70 2.1.1.86 2.0.1.153 1.1.4.179 |
| Cisco UCS Software | =4.1<4.1(1c)=4.0<4.0(4i)>=Earlier than 3.2<=3.2<3.2(3o) | 4.1(1c) 4.0(4i) 3.2(3o) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco FXOS and NX-OS Software vulnerability?
The vulnerability ID for this Cisco FXOS and NX-OS Software vulnerability is cisco-sa-fxos-nxos-cfs-dos-dAmnymbd.
What is the severity rating of this vulnerability?
This vulnerability has a severity rating of 8.6 (high).
How can an attacker exploit this vulnerability?
An unauthenticated attacker can exploit this vulnerability by causing process crashes, resulting in a denial of service (DoS) condition.
Which devices are affected by this vulnerability?
This vulnerability affects devices running Cisco FXOS Software versions 2.2, 2.1, 2.0, and 1.1, as well as Cisco UCS Software versions 4.1, 4.0, and earlier than 3.2.
Is there a fix available for this vulnerability?
Yes, fixes are available for this vulnerability. Please refer to the Cisco Security Advisory for the specific remediation versions.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco fxos software
- version/cisco fxos software/2.2
- version/cisco fxos software/2.1
- version/cisco fxos software/2.0
- version/cisco fxos software/1.1
- canonical/cisco ucs software
- version/cisco ucs software/4.1
- version/cisco ucs software/4.0
- version/cisco ucs software/earlier than 3.2
- version/cisco ucs software/3.2