#Cisco Cluster switch (3132Q-V) NX-OS versions

Hi All.

IHAC which is running a pair of 3132Q-V with NX 9.3(8)

Cisco has released an update for these 9.3(13) Dec 2023 which patches up some high CVE's

CVE-2024-20267 (Base Score 8.6):
CVE-2024-20321 (Base Score 8.6):

looking at the NetApp support site for Cisco Configs

https://mysupport.netapp.com/site/info/cisco-ethernet-switch

It seems NetApp only go up to 9.3(12)

Customer wants to patch this ASAP so how do we go about getting NetApp to add 9.3(13) to the Recommended Cluster NX-OS Versions.

Best to reach out to your NetApp Account Team and request an approval for this. They can submit requests through to engineering

these CVEs are related to BGP and MPLS, both of which are not even used on the backend switches. Your customer will not be affected by these!
(that is, unless he uses the switches for frontend-traffic too but then he's in unsupported territory anyway and there are many more things that can go wrong)

yes 100% understand and agree.. This might buy us some time but ultimately they want it patched..🤯 Ill reach out to our NetApp account team and get them to start the process. Also they need to patch their MDS devices.. I could not see any MDS FC switches on IMT. Does NetApp no longer care what version of OS is running on FC switches ?

They were on there last week..

ahh found it.. good old IMT.. almost need a NetApp cert on how to drive it 😉

Look, it’s solving some hard problems - we have tried our best to make it easy to use.. after 14 years I think I’ve got it 😉

Those who don’t know…. Mandating patches.
Where are the cluster switches in the critical path? Are end customers hitting them? Nope. Are customers using them for data? Nope. The only connection to the outside is a host port (mgmt0). The mgmt ports is usually not affected by most CVEs. It’s like my government customers wanting to fully STIG the cluster switches, which in some cases breaks the config (like shutting down vlan 1 for instance)