SynopsisThe remote device is missing a vendor-supplied security patch (cisco-sa-cimc-auth-zWkppJxL)
DescriptionAccording to its self-reported version, Cisco Unified Computing System (Management Software) is affected by an authorization bypass vulnerability due to improper authorization checks on API endpoints. An authenticate, remote attacker can exploit this issue, by sending malicious requests to an API endpoint, to bypass authorization and take actions on a vulnerable system without authorization.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
SolutionUpgrade to the relevant fixed version referenced in Cisco bug IDs CSCvv07287, CSCvv95114