Monday 4 January 2021

Software and Cisco UCS Manager Software could let an authenticated

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could let an authenticated, local attacker execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges, Cisco stated.

A second vulnerability in the local management of the same CLI in Cisco FXOS Software and Cisco UCS Manager Software could allow similar problems.

A weakness in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could be exploited by an unauthenticated, adjacent attacker who sends a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. Because Cisco Discovery Protocol is a Layer 2 protocol, the attacker must be Layer 2 adjacent, that is, in the same broadcast domain as the affected device. A successful exploit could lead to a buffer overflow that could then allow attackers to execute arbitrary code as root or cause a DoS condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers, Cisco stated.
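What validating Cisco Discovery Protocol headers means on the receiving side, as an added example (not Cisco's code and not a reconstruction of the flaw described above): a bounds-checked walk over the protocol's type-length-value fields that rejects any length pointing outside the frame or the destination buffer. The function name, buffer size and sample frames are constructed for illustration, and the checksum is not verified here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_HDR_LEN 4          /* version(1) + TTL(1) + checksum(2) */
#define CDP_TLV_HDR 4          /* type(2) + length(2); length counts this header */
#define CDP_TLV_DEVICE_ID 0x0001

/* Constructed sample frames (not captured traffic); checksum left as zero. */
static const uint8_t cdp_ok[]        = {2, 180, 0, 0, 0, 1, 0, 7,    's', 'w', '1'};
static const uint8_t cdp_oversize[]  = {2, 180, 0, 0, 0, 1, 0, 0x40, 's', 'w', '1'};
static const uint8_t cdp_undersize[] = {2, 180, 0, 0, 0, 1, 0, 2,    's', 'w', '1'};
static char cdp_out[16];

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy the Device-ID TLV into out (NUL-terminated).
 * Returns the ID length, or -1 if the frame is malformed or the ID does not fit. */
int cdp_device_id(const uint8_t *pkt, size_t len, char *out, size_t out_sz)
{
    if (pkt == NULL || out == NULL || out_sz == 0 || len < CDP_HDR_LEN)
        return -1;
    size_t off = CDP_HDR_LEN;
    while (len - off >= CDP_TLV_HDR) {          /* off <= len always holds here */
        uint16_t type = be16(pkt + off);
        size_t tlv_len = be16(pkt + off + 2);
        /* The declared length must cover its own header and stay inside the frame. */
        if (tlv_len < CDP_TLV_HDR || tlv_len > len - off)
            return -1;
        if (type == CDP_TLV_DEVICE_ID) {
            size_t vlen = tlv_len - CDP_TLV_HDR;
            if (vlen >= out_sz)                 /* reject instead of overflowing out */
                return -1;
            memcpy(out, pkt + off + CDP_TLV_HDR, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        off += tlv_len;                         /* cannot pass len: checked above */
    }
    return -1;                                  /* no Device-ID TLV found */
}

int main(void)
{
    printf("ok=%d ", cdp_device_id(cdp_ok, sizeof cdp_ok, cdp_out, sizeof cdp_out));
    printf("oversize=%d ", cdp_device_id(cdp_oversize, sizeof cdp_oversize, cdp_out, sizeof cdp_out));
    printf("undersize=%d\n", cdp_device_id(cdp_undersize, sizeof cdp_undersize, cdp_out, sizeof cdp_out));
    return 0;
}
```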
