Arbitrary Command Execution in Cisco UCS Central Software
CVE-2015-0701

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Computing System Central Software
Vendor: CVE Published:; 7 May 2015

Summary

Cisco UCS Central Software prior to version 1.3(1a) is susceptible to a vulnerability that allows remote attackers to execute arbitrary commands. This can be exploited through a specially crafted HTTP request, potentially leading to the compromise of system integrity and unauthorized access to sensitive information. Organizations using affected versions must take immediate action to mitigate this risk by applying the provided security updates.

References

http://www.securityfocus.com/bid/74491

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032267

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
May 7, 2015
Vulnerability Reserved
Jan 7, 2015