Cisco UCS Central Software Arbitrary Command Execution Vulnerability (CVE-2015-0701)
Cisco UCS Central Software Arbitrary Command Execution Vulnerability (CVE-2015-0701)
Release date:
Updated on:
Affected Systems:
Cisco UCS Central Software <1.2
Description:
CVE (CAN) ID: CVE-2015-0701
Cisco UCS Central Software is a solution for managing and monitoring Cisco UCS resources globally.
A security vulnerability exists in Cisco UCS Central Software 1.2 and earlier versions. Remote attackers can exploit this vulnerability to execute arbitrary commands by constructing HTTP requests.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20150506-ucsc) and patches for this:
Cisco-sa-20150506-ucsc: Cisco UCS Central Software Arbitrary Command Execution Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
This article permanently updates the link address: