• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2022-20624- A Denial Of Service Vulnerability In CFSoIP Service Of Cisco NX-OS
How to Fix CVE-2022-20624- A Denial of Service Vulnerability in CFSoIP Service of Cisco NX-OS

Cisco has published advisory for three high severity and one medium severity vulnerability. Successful exploitation of the vulnerabilities could take over the vulnerable Cisco appliances. The flaws CVE-2022-20624 with a base score of 8.6 is the second DoS vulnerability after CVE-2022-20623 among the four, which allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. We recommend that all the Cisco Switch owners of Nexus 3000, 9000, and UCS 6400 Series read this post that tells how to fix CVE-2022-20624- A Denial of Service Vulnerability in CFSoIP Service of Cisco NX-OS.

List Of Other Vulnerabilities Disclosed In Cisco Switches Are:

  1. CVE-2022-20650
  2. CVE-2022-20623
  3. CVE-2022-20624
  4. CVE-2022-20625

Summary Of CVE-2022-20624:

This is the second DoS vulnerability after CVE-2022-20623 on the list targets Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software. This vulnerability allows unauthenticated, remote attackers to cause a denial of service (DoS) condition on an affected device. The flaw is due to improper validation of incoming CFSoIP packets. 

Cisco says, “An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.” in its advisory.

Cisco Switches Affected By CVE-2022-20624:

The device maker said that Nexus series 3000, 9000, and UCS 6400 are affected by the Denial of Service vulnerability only if the CFSoIP feature is enabled on them.

  • Nexus 3000 Series Switches (CSCvy95696)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCvy95696)
  • UCS 6400 Series Fabric Interconnects (CSCvy95840)

Cisco Switcher Not-Affected By CVE-2022-20624:

Cisco clearly says that these models are safe and not affected by the CVE-2022-20624 flaw. Owners of these models can ignore the vulnerability.

  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9300 Security Appliances
  • MDS 9000 Series Multilayer Switches
  • Nexus 1000 Virtual Edge for VMware vSphere
  • Nexus 1000V Switch for Microsoft Hyper-V
  • Nexus 1000V Switch for VMware vSphere
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  • UCS 6200 Series Fabric Interconnects
  • UCS 6300 Series Fabric Interconnects

How To Say Your Cisco Nexus Switch Vulnerable?

The best possible way to say that your Cisco device is vulnerable is by the state of Cisco Fabric Services over IP (CFSoIP). If you see CFSoIP is enabled on your device, then your device may be vulnerable to the CVE-2022-20624 DoS attacks. You can check the status of the CFSoIP service by issuing the show cfs status command on the NX-OS CLI command prompt on Nexus series 3000 and 9000. Use connect nxos command on the Cisco UCS Fabric series to connect Cisco NX-OS CLI, then use the how cfs status command to check the status of CFSoIP.

If the status of Distribution over IP is Enabled, then CFSoIP is enabled on the device.

switch# show cfs status
Distribution : Enabled
Distribution over IP : Enabled
IPv4 multicast address : 239.255.70.83
IPv6 multicast address : ff15::efff:4653
Distribution over Ethernet : Disabled

How To Fix CVE-2022-20624- A Denial Of Service Vulnerability In CFSoIP Service Of Cisco NX-OS?

Since the vulnerability lice in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco Switchers. Attackers could exploit the flaw only if the CFSoIP feature is enabled. CFSoIP feature is disabled by default on the Nexus 3000 and 9000 Series Switches. However, the feature is enabled by default on UCS 6400 series switches.

We recommend not to change the CFS configurations until you are sure about the impact. We suggest reading the CFS Configuration Guide before making any changes.

Cisco has published Cisco Software Checker service to search for Cisco Security Advisories for specific Cisco IOS, IOS XE, NX-OS, and NX-OS in ACI Mode software releases.

Cisco has addressed the CVE-2022-20624vulnerability by releasing the following SMUs. Customers are asked to download the SMUs from the Software Center on Cisco.com. Visit Cisco Nexus 3000 Series Switches or Cisco Nexus 9000 Series Switches to know about downloading and installing these SMUs. 

Cisco NX-OS Software ReleasePlatformSMU Name
7.0(3)I7(10)Nexus 3000 and 9000 Series Switchesnxos.CSCvy95696-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm
9.3(8)Nexus 3000 and 9000 Series SwitchesCSCvy95696-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm

Owners of UCS 6400 Series switches, follow the table to upgrade the software.

Cisco UCS Software ReleaseFirst Fixed Release for This Vulnerability
4.0Migrate to a fixed release.
4.14.1(3h),
4.24.2(1l)1

We hope this post will help you know How to Fix CVE-2022-20624- A Denial of Service Vulnerability in CFSoIP Service of Cisco NX-OS. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

To know more about me. Follow me on LinkedIn
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.