HackDig : Dig high-quality web security articles for hacker

Cisco squashes DoS bug in its unified infrastructure software

2015-09-04 21:00
Cisco has released a patch for a serious remotely exploitable vulnerability affecting its Integrated Management Controller (IMC) Supervisor and Cisco UCS Director offerings.

"A vulnerability in JavaServer Pages (JSP) input validation routines of the Cisco IMC Supervisor and Cisco UCS Director could allow an unauthenticated, remote attacker to overwrite arbitrary files on the system," the company explained in an advisory.

"The vulnerability is due to incomplete input sanitization on specific JSP pages. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected system. An exploit could allow the attacker to overwrite arbitrary system files resulting in system instability."

The bug affects all Cisco IMC Supervisor versions prior to v1.0.0.1, and all Cisco UCS Director versions prior to v5.2.0.1. Cisco IMC Supervisor users are urged to apply the offered patch, and Cisco UCS Director users should upgrade to one of the unaffected versions, as there are no effective workarounds to solve this problem.

The only good news is that there is no indication that the flaw has been exploited in the wild - the company discovered it during internal testing.





Source: php.dlrowces/8bK_1RTAF9J/3~/ytiruceSteNpleH/r~/moc.elgoog.yxorpdeef
