Published: 07/05/2015 Updated: 28/11/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Unified Computing System Central Software

Cisco UCS Central Software prior to 1.3(1a) allows remote malicious users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified computing system central software 1.2\\(1a\\)
cisco unified computing system central software 1.2\\(1d\\)
cisco unified computing system central software 1.2\\(1e\\)
cisco unified computing system central software 1.2\\(1f\\)
cisco unified computing system central software 1.0_base
cisco unified computing system central software 1.1_base

Cisco plugs remote code execution flaw in UCS Central control freak

The Register • Darren Pauli • 08 May 2015

No workarounds means you'll patch or die trying

Cisco has patched a remote code execution bug that could give attackers root privileges on its Unified Computing System (UCS) Central software used by more than 30,00 organisations. The UCS data centre server platform joins hardware, virtualisation, networking and software into one system. Versions 1.2 and below are affected. The Borg says the vulnerability (CVE-2015-0701) rates the maximum 10 severity rating due to its low exploitation requirements and "complete" impact to confidentiality, inte...

CVE-2015-0701

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect