漏洞类别:Cisco
漏洞等级: 
漏洞信息
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
The vulnerability is due to improper input validation.
QID Detection Logic (Authenticated):
This QID reviews the Cisco UCS central version via "show version".
The QID is posted if Cisco UCS central software version less than or equal to "1.2" is found.
漏洞危害
An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
解决方案
The vendor has released fixes to resolve this issue. Refer to cisco-sa-20150506-ucsc to obtain additional details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论