CVE-2022-20650, a command injection flaw that may be exploited remotely without authentication to execute arbitrary commands as root, is the most serious of the security vulnerabilities, with a CVSS score of 8.8. The flaw arises because user-supplied data isn't sufficiently validated, allowing an attacker to execute commands on the operating system by sending a crafted HTTP POST request to the NX-API feature on the affected device. Cisco points out that the NX-API feature is turned off by default. This vulnerability affects Nexus 3000, 5500, 5600, 6000, and 9000 series switches that run an unpatched NX-OS software release and have the NX-API feature enabled.

The remaining three vulnerabilities could all be exploited to cause denial-of-service (DoS) attacks.

The NSA's vulnerability involves NX-OS' Fabric Services over IP (CFSoIP) feature. This high-severity flaw, tracked as CVE-2022-20624, exists because incoming CFSoIP packets aren't adequately validated, allowing an attacker to send crafted packets to exploit it. If CFSoIP is enabled, the issue affects Nexus 3000 and 9000 series switches, as well as UCS 6400 series fabric interconnects (the feature is disabled by default). The NSA hasn't disclosed any other information about the vulnerability.

Another DoS flaw, in NX-OS's rate limiter for Bidirectional Forwarding Detection (BFD) traffic, is tracked as CVE-2022-20623, and it can be exploited remotely, without authentication, to cause BFD traffic to be dropped. The issue arises due to a logic error in the BFD rate limiter functionality, and it might be exploited by sending a crafted stream of traffic through the vulnerable device, causing IPv4 and IPv6 traffic to be dropped and resulting in a DoS condition. Only switches in the Nexus 9000 series running standalone NX-OS are affected.

Cisco also announced the availability of an additional fix for CVE-2021-1586, a DoS vulnerability in the Multi-Pod or Multi-Site network configuration for Nexus 9000 series switches in Application Centric Infrastructure (ACI) mode, which it first addressed in August 2021. The vulnerability exists because TCP traffic sent to a specific port is not properly sanitized, allowing an attacker to send bad data.

Cisco advises users to update their devices with the most recent updates, which were released as part of the Semiannual FXOS and NX-OS security release in February 2022. According to the company, none of these issues have been exploited in attacks.