My Oracle Support Banner

EXACC: Cisco Critical Updates For 220 Series Switches And UCS / IMC Products (Doc ID 2585652.1)

Last updated on OCTOBER 28, 2019

Applies to:

Oracle Database Exadata Cloud Machine - Version N/A to N/A
Information in this document applies to any platform.

Goal

Customer security unit requires to determine if the OCC device has Cisco 220 switches and UCS / IMC devices.

They have received following notification

Threat 8/2019: Cisco Critical Updates for 220 Series Switches and UCS / IMC Products

DESCRIPTION:

Cisco has released fixes for critical vulnerabilities in 220 Series Switches, as well as Unified Computing System and Integrated Management Controller: CVE-2019-1938, CVE-2019-1935, CVE-2019-1974, and CVE-2019-1937
The vulnerabilities allow the exploiter to control the products. Although vulnerabilities have a high risk classification (CVSS score of 9.8 / 10), exploits must be linked to product management interfaces and there is no known public exploit method.

MEASURES:

We recommend upgrading vulnerable products.
In addition, we recommend that infrastructure management services are only accessible through a closed management network.
As regards the telecommunications services provided by Istekki, threat management measures will be initiated.
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.