Cisco Event Response Page

Cisco Event Response: February 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication

Doc ID:

ERP-73749

First Published:

2020 February 26 16:00 GMT

Version:

1.0

Summary

The February 26, 2020, release of the Cisco FXOS and NX-OS Software Security Advisory Bundled Publication includes six Cisco Security Advisories that describe six vulnerabilities in Cisco FXOS Software, Cisco NX-OS Software, and Cisco UCS Software. Cisco has released software updates that address these vulnerabilities.

All six vulnerabilities have a Security Impact Rating (SIR) of High. Successful exploitation of the vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected device.

Two vulnerabilities affect only Cisco NX-OS Software; one vulnerability affects only Cisco UCS Software; two vulnerabilities affect both Cisco FXOS Software and Cisco UCS Software; and one vulnerability affects Cisco FX-OS Software, Cisco NX-OS Software, and Cisco UCS Software.

Details

The following table identifies Cisco Security content that is associated with this Cisco FXOS and NX-OS Software Security Advisory Bundled Publication:

Cisco Security Advisory	CVE ID	Security Impact Rating	CVSS Base Score	Affected Cisco Platforms
cisco-sa-20200226-fxos-nxos-cdp Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability	CVE-2020-3172	High	8.8	Firepower 4100 Series Firepower 9300 Security Appliances MDS 9000 Series Multilayer Switches Nexus 1000 Virtual Edge for VMware vSphere Nexus 1000V Switch for Microsoft Hyper-V Nexus 1000V Switch for VMware vSphere Nexus 3000 Series Switches Nexus 5500 Platform Switches Nexus 5600 Platform Switches Nexus 6000 Series Switches Nexus 7000 Series Switches Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Nexus 9000 Series Switches in standalone NX-OS mode UCS 6200 Series Fabric Interconnects UCS 6300 Series Fabric Interconnects
cisco-sa-20200226-fxos-ucs-cmdinj Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability	CVE-2020-3167	High	7.8	Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 Security Appliances UCS 6200 Series Fabric Interconnects UCS 6300 Series Fabric Interconnects UCS 6400 Series Fabric Interconnects
cisco-sa-20200226-fxos-ucs-cli-cmdinj Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability	CVE-2020-3171	High	7.8	Firepower 2100 Series Firepower 4100 Series Firepower 9300 Security Appliances UCS 6200 Series Fabric Interconnects UCS 6300 Series Fabric Interconnects UCS 6400 Series Fabric Interconnects
cisco-sa-20200226-mds-ovrld-dos Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability	CVE-2020-3175	High	8.6	MDS 9000 Series Multilayer Switches
cisco-sa-20200226-nexus-1000v-dos Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability	CVE-2020-3168	High	7.5	Nexus 1000V Switch for VMware vSphere
cisco-sa-20200226-ucs-cli-cmdinj Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability	CVE-2020-3173	High	7.8	UCS 6200 Series Fabric Interconnects UCS 6300 Series Fabric Interconnects UCS 6400 Series Fabric Interconnects

Related Resources

Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A