[c-nsp] Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Jul 20 12:03:41 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability

Advisory ID: cisco-sa-20160720-ucsperf

Revision 1.0

For Public Release 2016 July 20 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands.

The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf






-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXj4blAAoJEK89gD3EAJB5fxUP/3IUSqmwPNOO0uzEISZsClbP
eV1sWplfvIR0+D/ZehXwg5I5Bjla77t0YUmqa2OlqmmGUA6etCsz1CAJhYI99jhV
dBTVjzIJ7/gaEqZq9SpiYwcqTe/5mU8vhJwt8T/x0GfS7qvPMAPxGmiS8NijZN1m
O2aUYZOi3tjxwrYM72NtdjKMcxVJ4HhvwPA8QcUV+b+B8MgMwDp9i7zaJHldLJAB
dAOUoIMmqSrsTjp5QX+oBv77XMoL6489hPNF0Kdt2ysIlcJDMQFn9Mv2PM76rolT
d/v91W3FWA43X5BnZISHxh+YKLSxli4sHXKR2H3nDhrhZml9e9FwyvQBmKGAStb+
IUJPfFkkFt/y/QHQiPx98MoW1bwaq7jarpihGearGcm6IKWw7op+c1xPVaKI6j/W
3zLObIbqHItCCE+62Qb6PLYTzaX/EyKtwpOsEiHZmPMsVyEFGsb57HyS4cS3Orm4
nlzxZRkv6VGfEx6uWr2VasD2pXUBEMY3fv9QJ/1fGcZokdaw0F+NwT89JhYd5nRE
nAwxCi2E9lVpI+pZOYlWwjkKCdLn5Tl0Xefqxz9q5u/URcWKPSLwOkQ7ZY3ajM9x
LBMhU3ub+H/rms6sykXRERawO/pCnwzDEh4LvoRocd3bM9s3pLKiV3KWJAQxIQE3
y0TbOx9qKJpsZO3Kwywy
=dBY7
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list