Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
The Cisco Support and Downloads page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
Resolution of this vulnerability requires a BIOS update on affected Cisco MDS, Nexus, and UCS Fabric Interconnect platforms that are running Cisco NX-OS Software.
To upgrade the BIOS on Cisco MDS and Nexus Standalone platforms, upgrade Cisco NX-OS Software on the affected devices with the install all CLI command or install a specific SMU as indicated in the Fixed Release table that follows. For more information, see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 10.4(x).
For Cisco Nexus 9000 Series Switches in ACI mode, upgrade to a fixed software release as shown in the Fixed Release table that follows. For more information, see the Cisco APIC Installation and ACI Upgrade and Downgrade Guide.
For Cisco UCS Fabric Interconnect platforms, upgrade to a fixed software release as shown in the Fixed Release table that follows. For more information, see the Cisco UCS Manager Firmware Management Guide, Release 4.3.
Cisco recommends verifying the BIOS version for each platform after the upgrade has been completed.
Note: For Cisco MDS and Nexus standalone platforms, if the device was not previously upgraded by using the install all CLI command, the BIOS might not have been upgraded. Even if customers are running a fixed Cisco NX-OS Software release, they are advised to check the BIOS version and use the install all command to complete the BIOS upgrade, if applicable.
In the following table, the left column lists Cisco MDS, Nexus, and UCS Fabric Interconnect platforms. The middle column indicates the first BIOS version that includes the fix for this vulnerability. The right column indicates the corresponding first Cisco NX-OS Software release or SMU or Cisco UCS Software release that incorporates the fixed BIOS version.
Cisco MDS 9000 Series Multilayer Switches |
First Fixed BIOS Version |
First Fixed Cisco NX-OS Software Release |
MDS 9124V 64-Gbps 24-Port Fibre Channel Switch (DS-C9124V-K9) |
1.07 |
9.4(2) |
MDS 9132T Fibre Channel Switch (DS-C9132T-K9) |
1.46 |
9.4(2) |
MDS 9148T switch (DS-C9148T-K9) |
1.07 |
9.4(2) |
MDS 9148V 64-Gbps 48-Port Fibre Channel Switch (DS-C9148V-K9) |
1.07 |
9.4(2) |
MDS 9220i Multiservice Fabric Switch (DS-C9220I-K9) |
1.13 |
9.4(2) |
MDS 9396T 32-Gbps 96-Port Fibre Channel Switch (DS-C9396T-K9) |
1.07 |
9.4(2) |
MDS 9396V 64-Gbps 96-Port Fibre Channel Switch (DS-C9396V-K9) |
1.09 |
9.4(2) |
MDS 9700 Supervisor-4 Module (DS-X97-SF4-K9) |
2.17.0 or 4.9.0 |
9.4(2) |
Cisco Nexus 3000 Series Switches |
First Fixed BIOS Version |
First Fixed Cisco NX-OS Software Release |
Nexus 31108PC-V Switch (N3K-C31108PC-V) |
4.22 |
9.3(14) SMU (Dec 2024) |
Nexus 31108TC-V Switch (N3K-C31108TC-V) |
4.22 |
9.3(14) SMU (Dec 2024) |
Nexus 31128PQ Switch (N3K-C31128PQ) |
7.70 |
9.3(14) SMU (Dec 2024) |
Nexus 3132C-Z Switch (N3K-C3132C-Z) |
5.51 |
9.3(13) |
Nexus 3232C Switch (N3K-C3232C) |
8.40 |
9.3(14) SMU (Dec 2024) |
Nexus 3264C-E Switch (N3K-C3264C-E ) |
5.51 |
9.3(13) |
Nexus 3264Q Switch (N3K-C3264Q) |
8.40 |
9.3(14) SMU (Dec 2024) |
Nexus 3408-S Switch (N3K-C3408-S) |
5.44 |
9.3(13) |
Nexus 34200YC-SM Switch (N3K-C34200YC-SM) |
5.51 |
9.3(13) |
Nexus 3432D-S Switch (N3K-C3432D-S) |
5.51 |
9.3(13) |
Nexus 36180YC-R Switch (N3K-C36180YC-R) |
1.24 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 3636C-R Switch (N3K-C3636C-R) |
1.24 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Cisco Nexus 7000 Series Switches |
First Fixed BIOS Version |
First Fixed Cisco NX-OS Software Release |
Nexus 7700 Supervisor 3E (N77-SUP3E) |
1.56.0 or 3.10.0 |
8.4(10) |
Cisco Nexus 9000 Series Switches in ACI mode |
First Fixed BIOS Version |
First Fixed Cisco NX-OS Software Release |
Nexus 93108TC-EX ACI-Mode Switch (N9K-C93108TC-EX) |
7.71 |
16.0(8f) 16.1(2) |
Nexus 93108TC-EX-24 ACI-Mode Switch (N9K-C93108TC-EX-24) |
7.71 |
16.0(8f) 16.1(2) |
Nexus 93108TC-FX ACI-Mode Switch (N9K-C93108TC-FX) |
5.51 |
16.0(4c) |
Nexus 93108TC-FX-24 ACI-Mode Switch (N9K-C93108TC-FX-24) |
5.51 |
16.0(4c) |
Nexus 93108TC-FX3 ACI-Mode Switch (N9K-C93108TC-FX3) |
1.05 |
16.0(8f) 16.1(2) |
Nexus 93108TC-FX3H ACI-Mode Switch (N9K-C93108TC-FX3H) |
5.51 |
16.0(8f) 16.1(2) |
Nexus 93108TC-FX3P ACI-Mode Switch (N9K-C93108TC-FX3P) |
5.51 |
16.0(4c) |
Nexus 93120TX ACI-Mode Switch (N9K-C93120TX) |
7.70 |
15.3(2e) |
Nexus 9316D-GX ACI-Mode Switch (N9K-C9316D-GX) |
5.51 |
16.0(4c) |
Nexus 93180LC-EX ACI-Mode Switch (N9K-C93180LC-EX) |
5.51 |
16.0(4c) |
Nexus 93180YC-EX ACI-Mode Switch (N9K-C93180YC-EX) |
7.71 |
16.0(8f) 16.1(2) |
Nexus 93180YC-EX-24 ACI-Mode Switch (N9K-C93180YC-EX-24) |
7.71 |
16.0(8f) 16.1(2) |
Nexus 93180YC-FX ACI-Mode Switch (N9K-C93180YC-FX) |
5.51 |
16.0(4c) |
Nexus 93180YC-FX-24 ACI-Mode Switch (N9K-C93180YC-FX-24) |
5.51 |
16.0(4c) |
Nexus 93180YC-FX3 ACI-Mode Switch (N9K-C93180YC-FX3) |
1.09 |
16.0(8f) 16.1(2) |
Nexus 93180YC-FX3H ACI-Mode Switch (N9K-C93180YC-FX3H) |
1.09 |
16.0(8f) 16.1(2) |
Nexus 93216TC-FX2 ACI-Mode Switch (N9K-C93216TC-FX2) |
5.51 |
16.0(4c) |
Nexus 93240YC-FX2 ACI-Mode Switch (N9K-C93240YC-FX2) |
5.51 |
16.0(4c) |
Nexus 9332C ACI-Mode Switch (N9K-C9332C) |
5.51 |
16.0(4c) |
Nexus 9332D-GX2B ACI-Mode Switch (N9K-C9332D-GX2B) |
1.13 |
16.0(8f) 16.1(2) |
Nexus 93360YC-FX2 ACI-Mode Switch (N9K-C93360YC-FX2) |
5.51 |
16.0(4c) |
Nexus 9336C-FX2 ACI-Mode Switch (N9K-C9336C-FX2) |
5.51 |
16.0(4c) |
Nexus 9336C-FX2-E ACI-Mode Switch (N9K-C9336C-FX2-E) |
1.07 |
16.0(4c) |
Nexus 9348D-GX2A ACI-Mode Switch (N9K-C9348D-GX2A) |
1.09 |
16.0(8f) 16.1(2) |
Nexus 9348GC-FX3 ACI-Mode Switch (N9K-C9348GC-FX3) |
1.06 |
16.0(8f) 16.1(2) |
Nexus 9348GC-FXP ACI-Mode Switch (N9K-C9348GC-FXP) |
5.51 |
16.0(4c) |
Nexus 93600CD-GX ACI-Mode Switch (N9K-C93600CD-GX) |
5.51 |
16.0(4c) |
Nexus 9364C ACI-Mode Switch (N9K-C9364C) |
5.51 |
16.0(4c) |
Nexus 9364C-GX ACI-Mode Switch (N9K-C9364C-GX) |
5.51 |
16.0(4c) |
Nexus 9364D-GX2A ACI-Mode Switch (N9K-C9364D-GX2A) |
1.16 |
16.0(8f) 16.1(2) |
Nexus 9500 Supervisor A (N9K-SUP-A) ACI-Mode |
8.40 |
16.0(8f) |
Nexus 9500 Supervisor A+ (N9K-SUP-A+) ACI-Mode |
5.51 |
16.0(4c) |
Nexus 9500 Supervisor B (N9K-SUP-B) ACI-Mode |
8.40 |
16.0(8f) |
Nexus 9500 Supervisor B+ (N9K-SUP-B+) ACI-Mode |
5.51 |
16.0(4c) |
Cisco Nexus 9000 Series Switches in Standalone NX-OS mode |
First Fixed BIOS Version |
First Fixed Cisco NX-OS Software Release |
Nexus 92160YC-X Switch (N9K-C92160YC-X) |
None planned |
None planned1 |
Nexus 92300YC Switch (N9K-C92300YC) |
5.51 |
9.3(13) |
Nexus 9232C Switch (N9K-C9232C) |
7.71 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 92348GC-X Switch (N9K-C92348GC-X) |
5.46 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9236C Switch (N9K-C9236C) |
7.71 |
9.3(14) SMU (Dec 2024) |
Nexus 9272Q Switch (N9K-C9272Q) |
7.71 |
9.3(14) SMU (Dec 2024) |
Nexus 93108TC-EX Switch (N9K-C93108TC-EX) |
7.71 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) |
Nexus 93108TC-EX-24 Switch (N9K-C93108TC-EX-24) |
7.71 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) |
Nexus 93108TC-FX Switch (N9K-C93108TC-FX) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93108TC-FX-24 Switch (N9K-C93108TC-FX-24) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93108TC-FX3 Switch (N9K-C93108TC-FX3) |
1.05 |
10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 93108TC-FX3H Switch (N9K-C93108TC-FX3H) |
5.51 |
10.3(5) 10.4(2) |
Nexus 93108TC-FX3P Switch (N9K-C93108TC-FX3P) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93120TX Switch (N9K-C93120TX) |
7.70 |
9.3(14) SMU (Dec 2024) |
Nexus 9316D-GX Switch (N9K-C9316D-GX) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93180LC-EX Switch (N9K-C93180LC-EX) |
5.51 |
9.3(13) |
Nexus 93180YC-EX Switch (N9K-C93180YC-EX) |
7.71 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) |
Nexus 93180YC-EX-24 Switch (N9K-C93180YC-EX-24) |
7.71 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) |
Nexus 93180YC-FX Switch (N9K-C93180YC-FX) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93180YC-FX-24 Switch (N9K-C93180YC-FX-24) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93180YC-FX3 Switch (N9K-C93180YC-FX3) |
1.09 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93180YC-FX3H Switch (N9K-C93180YC-FX3H) |
1.09 |
10.3(5) 10.4(2) |
Nexus 93180YC-FX3S Switch (N9K-C93180YC-FX3S) |
1.09 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93216TC-FX2 Switch (N9K-C93216TC-FX2) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93240YC-FX2 Switch (N9K-C93240YC-FX2) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93240YC-FX2-Z Switch (N9K-C93240YC-FX2-Z) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9332C Switch (N9K-C9332C) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9332D-GX2B Switch (N9K-C9332D-GX2B) |
1.13 |
10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9332D-H2R Switch (N9K-C9332D-H2R) |
1.07 |
10.4(4) SMU (Dec 2024) 10.5(1) |
Nexus 93360YC-FX2 Switch (N9K-C93360YC-FX2) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9336C-FX2 Switch (N9K-C9336C-FX2) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9336C-FX2-E Switch (N9K-C9336C-FX2-E) |
1.07 |
10.2(7) 10.3(5) 10.4(2) |
Nexus 93400LD-H1 Switch (N9K-C93400LD-H1) |
2.10 |
10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9348D-GX2A Switch (N9K-C9348D-GX2A) |
1.09 |
10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9348GC-FX3 Switch (N9K-C9348GC-FX3) |
1.06 |
10.4(2) |
Nexus 9348GC-FX3PH Switch (N9K-C9348GC-FX3PH) |
1.06 |
10.4(2) |
Nexus 9348GC-FXP Switch (N9K-C9348GC-FXP) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9358GY-FXP Switch (N9K-C9358GY-FXP) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 93600CD-GX Switch (N9K-C93600CD-GX) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9364C Switch (N9K-C9364C) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9364C-GX Switch (N9K-C9364C-GX) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9364C-H1 Switch (N9K-C9364C-H1) |
1.06 |
10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9364D-GX2A Switch (N9K-C9364D-GX2A) |
1.16 |
10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9408 Switch (N9K-C9408) |
1.11 |
10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9500 Supervisor A (N9K-SUP-A) |
8.40 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9500 Supervisor A+ (N9K-SUP-A+) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9500 Supervisor B (N9K-SUP-B) |
8.40 |
9.3(14) SMU (Dec 2024) 10.2(8) SMU (Dec 2024) 10.3(6) SMU (Dec 2024) 10.4(4) SMU (Dec 2024) 10.5(2) |
Nexus 9500 Supervisor B+ (N9K-SUP-B+) |
5.51 |
9.3(13) 10.2(7) 10.3(5) 10.4(2) |
Nexus 9800 Supervisor (N9K-C9800-SUP-A) |
1.12 |
10.3(5) 10.4(3) |
Cisco UCS Fabric Interconnects |
First Fixed BIOS Version |
First Fixed Cisco UCS Software Release |
UCS 64108 Fabric Interconnect (UCS-FI-64108) |
5.50 |
4.1(3n) (Dec 2024) 4.2(3n) (Jan 2025) 4.3(4a) |
UCS 6454 Fabric Interconnect (UCS-FI-6454) |
5.50 |
4.1(3n) (Dec 2024) 4.2(3n) (Jan 2025) 4.3(4a) |
UCS 6536 Fabric Interconnect (UCS-FI-6536) |
1.6 |
4.3(4a) |
Note: Because this vulnerability is relevant only for Cisco MDS, Nexus, and UCS Fabric Interconnect platforms that support secure boot, legacy Cisco MDS, Nexus, and UCS Fabric Interconnect platforms that do not support secure boot are not listed in the table above.
The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.