Solved: Re: Cisco UCS M5/M6 Downfall CVE-2022-40982 Advisory

Riaan van Niekerk · ‎08-31-2023

I created this advisory because there is no central public Cisco Advisory page with all the information users would want (yet).

https://www.reddit.com/r/CiscoUCS/comments/160scwg/cisco_ucs_m5m6_downfall_cve202240982_advisory/

I will expand it as I get more information from Cisco about other/older UCS firmware releases that get the fix. Suggestions for expansion and improvement here or on Reddit are more than welcome.

Riaan van Niekerk · ‎09-28-2023

Thanks, mine was not a question but sharing of content, since it does not look like Cisco will create their own advisory for this issue. In my advisory, I have linked to all the pages you linked to, the M5 & M6 reports as well as the 4.3.2 release notes.

Also, 4.2(3h) which fixes this issue in the 4.2 release train, was released today, 28 September. I have updated my “community advisory”.

View solution in original post

nusimoes · ‎09-06-2023

Hello, Riaan

Thanks for your question.

About this topic, you can find some more details and information in the follow links:

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/release/notes/b_release-notes-ucsm-4_3.html -> Reference to CVE-2022-40982 found.
Related bugs:
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf30468
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf98316

I hope that this information can be useful for you.

Thanks and best regards.

Riaan van Niekerk · ‎09-28-2023

Thanks, mine was not a question but sharing of content, since it does not look like Cisco will create their own advisory for this issue. In my advisory, I have linked to all the pages you linked to, the M5 & M6 reports as well as the 4.3.2 release notes.

Also, 4.2(3h) which fixes this issue in the 4.2 release train, was released today, 28 September. I have updated my “community advisory”.