vulnerability – Ben's ideas and projects

On March 6th Cisco released 29 high and medium rated PSIRT notices for NX-OS based platforms. These platforms include the Cisco Nexus 3000 - 9000 series and Nexus adjacent platforms FX-OS and UCS Fabric Interconnect platforms. Not all advisories affect all platforms but all platforms are affected by at least one high rated vulnerability. The vulnerabilities range from command and code execution, privilege escalation, denial of service, and arbitrary file read vulnerabilities. This is just about everything bad that could affect core infrastructure devices.

If you haven't updated your switch in a while this is probably the time too. Within some of the advisories Cisco notes that they are providing free updates:

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.

I've included a table of the fixed in versions notes as of the writing of this post. I would recommend looking at the advisories to assist in selecting the best version as there are other code versions that have integrated the fixes.

Platform	Version
Nexus 1000v	5.2(1)SM3(2.1) (Hyper-V) 5.2(1)SV3(4.1a) (VMWare)
Nexus 3000 Nexus 3500 Nexus 3600	9.2(2)
Nexus 5500, 5600, and 6000 Nexus 7000 and 7700	8.3(3)
Nexus 9000 and 9500	9.2(2)
UCS 6200 and 6300 Series Fabric Interconnects UCS 6400 Series Fabric Interconnects	4.0(2a)

Cisco has a bundled advisory for all of the high rated notices at the following link,

Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication

I have also included a laundry list of notices including both high and medium rated vulnerabilities for your reference.

Happy patching!

Tag: vulnerability

March 2019 NX-OS Vulnerability Dump