Cisco Event Response Page

Cisco Event Response: February 2023 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication

Doc ID:

ERP-75057

First Published:

2023 February 22 16:00 GMT

Version:

1.0

Summary

Cisco released its semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication on February 22, 2023. In direct response to customer feedback, Cisco releases bundles of Cisco FXOS and NX-OS Software Security Advisories on the fourth Wednesday of the month in February and August of each calendar year.

The February 22, 2023, release of the Cisco FXOS and NX-OS Software Security Advisory Bundled Publication includes five Cisco Security Advisories that describe five vulnerabilities in Cisco FXOS Software, Cisco NX-OS Software, and Cisco UCS Software. Cisco has released software updates that address these vulnerabilities.

Details

The following table identifies Cisco Security content that is associated with this bundled publication:

Cisco Security Advisory	CVE ID	Security Impact Rating	CVSS Base Score	Affected Software	Affected Hardware Platforms
Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability	CVE-2023-20089	High	7.4	NX-OS Software in ACI Mode	Cisco Nexus 9000 Series Switches
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability	CVE-2023-20016	Medium	6.3	FXOS Software, UCS Software (Managed)	Cisco Firepower 4100 Series, Cisco Firepower 9000 Series, Cisco UCS 6200 Series Fabric Interconnects, Cisco UCS 6300 Series Fabric Interconnects, Cisco UCS 6400 Series Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability	CVE-2023-20015	Medium	6	FXOS Software, UCS Software (Managed)	Cisco Firepower 4100 Series, Cisco Firepower 9000 Series, Cisco UCS 6200 Series Fabric Interconnects, Cisco UCS 6300 Series Fabric Interconnects, Cisco UCS 6400 Series Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects
Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability	CVE-2023-20012	Medium	5.3	UCS Software (Managed)	Cisco UCS 6400 Series Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects
Cisco NX-OS Software CLI Command Injection Vulnerability	CVE-2023-20050	Medium	4.4	NX-OS Software	Cisco MDS 9000 Multilayer Directors and Fabric Switches, Cisco Nexus 1000V Series Switches, Cisco Nexus 3000 Series Switches, Cisco Nexus 5000 Series Switches, Cisco Nexus 6000 Series Switches, Cisco Nexus 7000 Series Switches, Cisco Nexus 9000 Series Switches

Related Resources

Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A