Cisco Bug: CSCut46961 - Cisco UCS Central Software Arbitrary Command Execution Vulnerability

Last Modified

Jan 31, 2017

Products (2)

  • Cisco UCS Central Software
  • Cisco UCS Central 1.x

Known Affected Releases

1.2(1d)

Description (partial)

Symptom:
A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on the affected device.

The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system.

Conditions:
Device configured with default configuration.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
