Cisco UCS Director Code Injection (CSCur02877) (Shellshock)
High Nessus Plugin ID 78770
SynopsisThe remote host is running a vulnerable version of Bash.
DescriptionAccording to its self-reported version, the remote host is running a version of Cisco UCS Director that could be affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
Authentication on the system is required before this vulnerability can be exploited.
SolutionApply the patch or upgrade to the version recommended in Cisco bug ID CSCur02877