Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE
High Nessus Plugin ID 107150
Synopsis
An infrastructure management application running on the remote host is affected by a remote command execution vulnerability.

Description
The version of Cisco Unified Computing System (UCS) Central Software running on the remote host is prior to 1.3(1c). It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands on the underlying operating system as the daemon user.

Solution
Upgrade to Cisco UCS Central Software version 2.0(1c) or later.