Cisco Bug: CSCut46961 - Cisco UCS Central Software Arbitrary Command Execution Vulnerability
Jan 31, 2017
- Cisco UCS Central Software
- Cisco UCS Central 1.x
Known Affected Releases
Symptom: A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system. Conditions: Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases