Cisco Releases Advisories for Command Injection Vulnerabilities in Multiple Products

Cisco Integrated Management Controller (IMC)

Affects devices running a vulnerable release of Cisco IMC in the default configuration:

• 5000 Series Enterprise Network Compute Systems (ENCS)
• Catalyst 8300 Series Edge uCPE
• UCS C-Series  in standalone mode
• UCS E-Series Servers
• UCS S-Series Storage Servers in standalone mode

Also affects devices on a pre-configured version of a Cisco UCS C-Series Server are also affected if they expose access to the Cisco IMC CLI:

• 5520 and 8540 Wireless Controllers
• Application Policy Infrastructure Controller (APIC) Servers
• Business Edition 6000 and 7000 Appliances
• Catalyst Center Appliances, formerly DNA Center (DNAC)
• Cloud Services Platform (CSP) 5000 Series
• Common Services Platform Collector (CSPC) Appliances
• Connected Mobile Experiences (CMX) Appliances
• Connected Safety and Security UCS Platform Series Servers
• Cyber Vision Center Appliances
• Expressway Series Appliances
• HyperFlex Edge Nodes
• HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-NO-FI) deployment mode
• IEC6400 Edge Compute Appliances
• IOS XRv 9000 Appliances
• Meeting Server 1000 Appliances
• Nexus Dashboard Appliances
• Prime Infrastructure Appliances
• Prime Network Registrar Jumpstart Appliances
• Secure Email Gateways
• Secure Email and Web Manager
• Secure Endpoint Private Cloud Appliances
• Secure Firewall Management Center Appliances, formerly Firepower Management Center
• Secure Malware Analytics Appliances
• Secure Network Analytics Appliances
• Secure Network Server Appliances
• Secure Web Appliances
• Secure Workload Servers
• Telemetry Broker Appliances