EXACC: Cisco Critical Updates For 220 Series Switches And UCS / IMC Products
(Doc ID 2585652.1)
Last updated on OCTOBER 28, 2019
Applies to:Oracle Database Exadata Cloud Machine - Version N/A to N/A
Information in this document applies to any platform.
Customer security unit requires to determine if the OCC device has Cisco 220 switches and UCS / IMC devices.
They have received following notification
Threat 8/2019: Cisco Critical Updates for 220 Series Switches and UCS / IMC Products
Cisco has released fixes for critical vulnerabilities in 220 Series Switches, as well as Unified Computing System and Integrated Management Controller: CVE-2019-1938, CVE-2019-1935, CVE-2019-1974, and CVE-2019-1937
The vulnerabilities allow the exploiter to control the products. Although vulnerabilities have a high risk classification (CVSS score of 9.8 / 10), exploits must be linked to product management interfaces and there is no known public exploit method.
We recommend upgrading vulnerable products.
In addition, we recommend that infrastructure management services are only accessible through a closed management network.
As regards the telecommunications services provided by Istekki, threat management measures will be initiated.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document