CVE-2022-20650, a command injection flaw that may be exploited remotely without authentication to execute arbitrary commands as root, is the most serious of the security weaknesses, with a CVSS score of 8.8. The flaw exists because user-supplied data isn't properly validated, allowing an attacker to execute commands on the underlying operating system by sending a crafted HTTP POST request to the NX-API of the affected device. This vulnerability affects Nexus 3000, 5500, 5600, 6000, and 9000 series switches that run an unpatched NX-OS software release and have the NX-API feature enabled. Cisco points out that the NX-API feature is turned off by default. The NSA hasn't disclosed any other information regarding the vulnerability.

The remaining three vulnerabilities might all be used to mount denial of service (DoS) attacks.

The NSA's vulnerability affects NX-OS's Cisco Fabric Services over IP (CFSoIP) capability. This high-severity flaw, tracked as CVE-2022-20624, exists because incoming CFSoIP packets aren't adequately validated, allowing an attacker to send malicious packets to exploit it. If CFSoIP is enabled, the issue affects Nexus 3000 and 9000 series switches, as well as UCS 6400 series fabric interconnects (the feature is disabled by default).

Another DoS flaw, in NX-OS's rate limiter for Bidirectional Forwarding Detection (BFD) traffic, is tracked as CVE-2022-20623, and it can be exploited remotely, without authentication, to cause BFD traffic to be dropped. The issue stems from a logic error in the BFD rate limiter functionality, and it might be exploited by sending a crafted stream of traffic through the vulnerable device, causing IPv4 and IPv6 traffic to be dropped and resulting in a DoS condition. Only switches in the Nexus 9000 series running standalone NX-OS are affected.

Cisco also announced the availability of an additional fix for CVE-2021-1586, a DoS vulnerability it first addressed in August 2021, in the Multi-Pod or Multi-Site network configuration for Nexus 9000 series switches in Application Centric Infrastructure (ACI) mode. The vulnerability exists because TCP traffic sent to a particular port is not properly sanitized, allowing an attacker to submit malicious data.

Cisco advises users to update their devices with the most recent updates, which were provided as part of the Semiannual FXOS and NX-OS security release in February 2022. According to the company, none of these issues have been exploited in attacks.