Cisco Integrated Management Controller Privilege Escalation Vulnerability
cisco-sa-ucs-ssh-priv-esc-2mZDtdjM · High · Published · Updated
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability, but a mitigation is available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM
Workarounds
There are no workarounds that address this vulnerability. However, there is a mitigation.
If it is not required, SSH access to the Cisco IMC of an affected device may be disabled.
For Cisco UCS C-Series and UCS S-Series Servers in standalone mode, choose Admin > Communication Services on the Cisco IMC web UI and uncheck the SSH Enabled option.
For Cisco UCS B-Series, Managed UCS C-Series, Managed UCS S-Series, and UCS X-Series Servers, disable the Serial over LAN (SoL) policy on the associated Service Profile (SoL access is disabled by default). From the Servers section of the Cisco UCS Manager web UI, do the following:
1. Choose the Service Profile in question.
2. Click the Change Serial over LAN Policy link under Actions in the Policies tab.
3. Choose the No Serial over LAN Policy option.
4. Click OK.
Alternatively, edit the applied Serial Over LAN Policy under Policies > Serial Over LAN Policies and change the Serial over LAN State property from Enable to Disable. This would disable SoL access for all the Service Profiles that are using the SoL policy in question.
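For the standalone-mode mitigation above (unchecking SSH Enabled), the following added example, which is not part of the Cisco advisory, confirms from the management network that each Cisco IMC address no longer answers with an SSH identification string. It assumes SSH listens on TCP port 22 and uses a constructed inventory of documentation-range addresses; it does not check Serial over LAN policy state on managed servers.

```python
import socket

def probe_ssh(host, port=22, timeout=3.0):
    """Classify one address: 'ssh-exposed', 'open-no-ssh-banner', 'closed' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # An SSH server sends its identification string first (RFC 4253).
                data = conn.recv(512)
            except OSError:
                # Timeout or reset after connect: port is open but sent no banner.
                data = b""
    except ConnectionRefusedError:
        return ("closed", "")        # nothing listening: expected once SSH is disabled
    except OSError:
        return ("unreachable", "")   # timeout or no route: inconclusive, check by hand
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return ("ssh-exposed", line.decode("ascii", "replace").strip())
    return ("open-no-ssh-banner", "")

def audit(targets, port=22, timeout=3.0):
    """Probe every address and return {host: (state, banner)}."""
    return {host: probe_ssh(host, port, timeout) for host in targets}

def still_exposed(results):
    """Hosts that still present SSH and therefore still need the mitigation or the fix."""
    return sorted(h for h, (state, _) in results.items() if state == "ssh-exposed")

if __name__ == "__main__":
    # Constructed inventory (documentation range); replace with your own IMC addresses.
    inventory = ["192.0.2.10", "192.0.2.11"]
    results = audit(inventory, timeout=2.0)
    for host, (state, banner) in sorted(results.items()):
        print(f"{host}\t{state}\t{banner}")
    exposed = still_exposed(results)
    print("SSH still reachable on:", ", ".join(exposed) if exposed else "none")
```

An `unreachable` result only shows that the probing host could not connect, so it does not by itself prove that SSH is disabled on the device.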
While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
| CVEs | CVE-2025-20261 |
|---|---|
| Cisco Bug IDs | CSCwk24502, CSCwc06871 |
| CVSS Score | Base 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X |
| Product Names From Source | Cisco Unified Computing System (Managed), Cisco Unified Computing System (Standalone) |