Cisco patches critical exposure in management software

Discussion in 'Network World' started by RSS, Jul 20, 2016.

  1. RSS

    Cisco has patched what it called a critical vulnerability in its Unified Computing System (UCS) Performance Manager software that could let an authenticated, remote attacker execute commands.

    Cisco UCS Performance Manager versions 2.0.0 and prior are affected and the problem is resolved in Cisco UCS Performance Manager versions 2.0.1 and later. UCS Performance Manager collects information about UCS servers, network, storage, and virtual machines.

    According to Cisco, the vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.
