How To Fix CVE-2022-20624- A Denial Of Service Vulnerability In CFSoIP Service Of Cisco NX-OS

Cisco has published advisory for three high severity and one medium severity vulnerability. Successful exploitation of the vulnerabilities could take over the vulnerable Cisco appliances. The flaws CVE-2022-20624 with a base score of 8.6 is the second DoS vulnerability after CVE-2022-20623 among the four, which allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. We recommend that all the Cisco Switch owners of Nexus 3000, 9000, and UCS 6400 Series read this post that tells how to fix CVE-2022-20624- A Denial of Service Vulnerability in CFSoIP Service of Cisco NX-OS.

List Of Other Vulnerabilities Disclosed In Cisco Switches Are:

Summary Of CVE-2022-20624:

This is the second DoS vulnerability after CVE-2022-20623 on the list targets Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software. This vulnerability allows unauthenticated, remote attackers to cause a denial of service (DoS) condition on an affected device. The flaw is due to improper validation of incoming CFSoIP packets. 

Cisco says, “An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.” in its advisory.

Cisco Switches Affected By CVE-2022-20624:

The device maker said that Nexus series 3000, 9000, and UCS 6400 are affected by the Denial of Service vulnerability only if the CFSoIP feature is enabled on them.

Cisco Switcher Not-Affected By CVE-2022-20624:

Cisco clearly says that these models are safe and not affected by the CVE-2022-20624 flaw. Owners of these models can ignore the vulnerability.

How To Say Your Cisco Nexus Switch Vulnerable?

The best possible way to say that your Cisco device is vulnerable is by the state of Cisco Fabric Services over IP (CFSoIP). If you see CFSoIP is enabled on your device, then your device may be vulnerable to the CVE-2022-20624 DoS attacks. You can check the status of the CFSoIP service by issuing the show cfs status command on the NX-OS CLI command prompt on Nexus series 3000 and 9000. Use connect nxos command on the Cisco UCS Fabric series to connect Cisco NX-OS CLI, then use the how cfs status command to check the status of CFSoIP.

If the status of Distribution over IP is Enabled, then CFSoIP is enabled on the device.

switch# show cfs status
Distribution : Enabled
Distribution over IP : Enabled
IPv4 multicast address : 239.255.70.83
IPv6 multicast address : ff15::efff:4653
Distribution over Ethernet : Disabled

How To Fix CVE-2022-20624- A Denial Of Service Vulnerability In CFSoIP Service Of Cisco NX-OS?

Since the vulnerability lice in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco Switchers. Attackers could exploit the flaw only if the CFSoIP feature is enabled. CFSoIP feature is disabled by default on the Nexus 3000 and 9000 Series Switches. However, the feature is enabled by default on UCS 6400 series switches.

We recommend not to change the CFS configurations until you are sure about the impact. We suggest reading the CFS Configuration Guide before making any changes.

Cisco has published Cisco Software Checker service to search for Cisco Security Advisories for specific Cisco IOS, IOS XE, NX-OS, and NX-OS in ACI Mode software releases.

Cisco has addressed the CVE-2022-20624vulnerability by releasing the following SMUs. Customers are asked to download the SMUs from the Software Center on Cisco.com. Visit Cisco Nexus 3000 Series Switches or Cisco Nexus 9000 Series Switches to know about downloading and installing these SMUs. 

Owners of UCS 6400 Series switches, follow the table to upgrade the software.

We hope this post would help you know How to Fix CVE-2022-20624- A Denial of Service Vulnerability in CFSoIP Service of Cisco NX-OS. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this. 

You may also like these articles: