漏洞类别:Cisco
漏洞等级: 
漏洞信息
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.
The vulnerability is due to improper input validation by the affected software.
QID Detection Logic (Authenticated):
This QID reviews the Cisco UCS central version via "show version".
The QID is posted if Cisco UCS central software version less than or equal to "1.3(1b)" is found.
漏洞危害
An attacker could exploit this vulnerability by sending a malicious HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system.
解决方案
The vendor has released fixes to resolve this issue. Refer to cisco-sa-20160413-ucs to obtain additional details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论