Advisory ID: cisco-sa-20160120-ucsm
Revision: 1.0
For Public Release 2016 January 20 16:00 UTC (GMT)
+-----------------------------
Summary
=======
A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco
Firepower 9000 Series appliance could allow an unauthenticated, remote
attacker to execute arbitrary commands on the Cisco Unified Computing
System (UCS) Manager or the Cisco Firepower 9000 Series appliance.
The vulnerability is due to unprotecting calling of shell commands in
the CGI script. An attacker could exploit this vulnerability by
sending a crafted HTTP request to the Cisco UCS Manager or the Cisco
Firepower 9000 Series appliance. An exploit could allow the attacker
to execute arbitrary commands on the Cisco UCS Manager or the Cisco
Firepower 9000 Series appliance.
Cisco has released software updates that address this vulnerability.
Komentarų nėra:
Rašyti komentarą