Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories, as well Vulnerability Note #261385 from the CERT Coordination Center (CERT/CC), and apply the necessary updates:
- IP Phone Remote Code Execution and Denial-of-Service Vulnerability cisco-sa-20200205-voip-phones-rce-dos
- NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability cisco-sa-20200205-nxos-cdp-rce
- Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial-of-Service Vulnerability cisco-sa-20200205-ipcameras-rce-dos
- IOS XR Software Cisco Discovery Protocol Format String Vulnerability cisco-sa-20200205-iosxr-cdp-rce
- FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial-of-Service Vulnerability cisco-sa-20200205-fxnxos-iosxr-cdp-dos