Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories, as well as the Cisco Event Response page, and apply the necessary updates:
- UCS Manager Software Local Management CLI Command Injection Vulnerability cisco-sa-20200226-ucs-cli-cmdinj
- Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability cisco-sa-20200226-nexus-1000v-dos
- MDS 9000 Series Multilayer Switches Denial of Service Vulnerability cisco-sa-20200226-mds-ovrld-dos
- FXOS and UCS Manager Software CLI Command Injection Vulnerability cisco-sa-20200226-fxos-ucs-cmdinj
- FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability cisco-sa-20200226-fxos-ucs-cli-cmdinj
- XOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability cisco-sa-20200226-fxos-nxos-cdp