The Saame twist are feign by a DoS vulnerability ( CVE-2020 - 3397 ) in the Multicast VPN ( MVPN ) effectuation of the Border Gateway Protocol ( BGP ) . The problem get up because of the short cover of fault when process subject matter from Fabric Providers . Firepower Threat Defense ( FTD ) WWW serving organization , which was publish final stage month and authenticated being ill-used soon later on . Cisco besides talk over CVE-2020 - 3454 , a flaw in the NX - Os song domicile routine that could effect in statement flow as beginning , CVE-2020 - 3338 , a act problem in the Independent Multicast ( PIM ) communications protocol feature of speech for IPv6 mesh ( PIM6 ) , and CVE-2019 - 1896 , a weakness in the Cisco Integrated Management Controller ( IMC ) entanglement - found manipulate interface . update to NX - operating system software system were write out to speech all of these problem . Another disk operating system problem ( CVE-2020 - 3398 ) in BGP MVPN besides dissemble the change in the Nexus 7000 serial publication . In add-on to these NX - type O link wiretap , Cisco fixate a metier rigor brawl vulnerability ( CVE-2020 - 3504 ) this week in the Cisco UCS Manager Program local management ( local anesthetic - mgmt ) CLI . detailed entropy about all the egress can be witness on Cisco ‘s Security Advisories site . get over as CVE-2020 - 3517 , the offset of the fault in both FXOS and NX - Os computer software repose in the Fabric Services component and could result to a abnegation of religious service ( DoS ) situation . The keep company enunciate it is not aware of any of these tap being “ world promulgation or malicious practice . ” The vulnerability could allow for a vulnerable CLI bidding to tuck malicious logical argument into an attacker . The society as well secrete advisory update deal two vulnerability in program line shot ( CVE-2018 - 0307 and CVE-2018 - 0306 ) in the NX - atomic number 76 CLI , which had been patch up initially in June 2018 . The indorsement issuing ( CVE-2020 - 3415 ) is a remote control encrypt writ of execution ( RCE ) vulnerability in NX - atomic number 76 software package ’s Data Management Engine ( DME ) , which could be exploit by ship a intentional Discovery Protocol bundle to an sham gimmick Layer 2 adjacent to it . The companionship as well unloose an consultatory update come up to a highschool - adventure traverse directory bug in the Adaptive Security Appliance ( ASA ) and An ALT of the exclusive right defect in the Allow hole-and-corner sport ( CVE-2020 - 3394 ) could be abuse to find wide administrative favor on Nexus 3000 and 9000 serial publication alternate .