Cisco has released a security update to address several vulnerabilities in the following products:

• Cisco NX-OS Software OSPFv3
  • Nexus 3000 Series Switches (CSCvz68748)
  • Nexus 5500 Platform Switches (CSCwb50015)
  • Nexus 5600 Platform Switches (CSCwb50015)
  • Nexus 6000 Series Switches (CSCwb50015)
  • Nexus 7000 Series Switches (CSCwb50013)
  • Nexus 9000 Series Fabric Switches in ACI mode (CSCwb50012)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCvz68748)
• Cisco FXOS and NX-OS Software Cisco Discovery Protocol
  • Firepower 4100 Series (CSCwb74498)
  • Firepower 9300 Security Appliances (CSCwb74498)
  • MDS 9000 Series Multilayer Switches (CSCwb74494)
  • Nexus 1000 Virtual Edge for VMware vSphere (CSCwb74495)
  • Nexus 1000V Switch for Microsoft Hyper-V (CSCwb74495)
  • Nexus 1000V Switch for VMware vSphere (CSCwb74495)
  • Nexus 3000 Series Switches (CSCwb70210)
  • Nexus 5500 Platform Switches (CSCwb74496)
  • Nexus 5600 Platform Switches (CSCwb74496)
  • Nexus 6000 Series Switches (CSCwb74496)
  • Nexus 7000 Series Switches (CSCwb74494)
  • Nexus 9000 Series Fabric Switches in ACI mode (CSCwb74493)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwb70210)
  • UCS 6200 Series Fabric Interconnects (CSCwb74497)
  • UCS 6300 Series Fabric Interconnects (CSCwb74497)
  • UCS 6400 Series Fabric Interconnects (CSCwb74513)
• Cisco ACI Multi-Site Orchestrator
  • Cisco ACI MSO

Attacker could exploit these vulnerabilities by doing the following:

• Execute arbitrary code
• Denial of service attack (DoS)
• Escalation of privilege

The CERT team encourages users to review Cisco security advisory and apply the necessary updates:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu