[c-nsp] Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Sep 2 12:15:08 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability

Advisory ID: cisco-sa-20150902-cimcs

Revision 1.0

For Public Release 2015 September 2 16:00  UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======
Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVecfnYpI1I6i1Mx3AQJNLhAAv2JmmTi39Ct3ih17a1XmdKxZxDhb33W0
++lYBipYbO9zgH6HaRjAX/CxG09vglgv3tyeEquFtVCGvBEs0x/PC8w7wig+VzlH
nXc8OgOMJlAnCuIn81cQra2SWtmVU2oaAbcQS9p3/uDNB3op+cPvkDJFTet9UX72
HC1CItpmUDWefKW44xeGNQ+8IsMBkBxOdHiyDmucu1zLXcg9hpxr56LDpDd8i61U
kJorlCVMnWrTzbgV1jtILxQ73PE2tlKyaVZamks2ODzF1wj4E8dkfAAiOHKCPMaP
BWSztYrybAfRbAqfkA+2FpOe6Cgd8S4O+01+4CbOwWjRpoqZhkVFnQgu21AymYxe
4q3y7KWw2IKLCrmHnjFlWs3687uoxUaxIiyxXozn/7U8bU05lh1c9eZH0KY+9cBo
O9VsM/d0YN68JaI5PDpAlqXssS9qYUrEbFu3Rdus2ss87yZi27e1Q4N9hMyJ1fo0
Wu6OqiuHLD1JTv059dXPDfmgDvt+0zuilmWoGKY5i7OAbSw8GhQVJ9Q3wdBdfYeX
8cBO+tt0xvVTMOz9mpBRx5a9dJXUo/Z5L5mi7n9jtfqqvrR9iDjZR3xVTqYXh+6M
Xtj0Q0J/VZV+ZCVWz0xXJoqBvtPnw47xbMcx7n1t8jR8bgk9+MS/0/E/cV1239K/
0JdOpPTLlXM=
=1xLQ
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list