Home Unlabelled Cisco UCS Central Software Arbitrary Command Execution Vulnerability

Cisco UCS Central Software Arbitrary Command Execution Vulnerability

By
Wednesday, May 06, 2015
Read
Add Comment
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://ift.tt/1Jr6tJu

from Cisco Security Advisory http://ift.tt/1Jr6tJu
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us