CVE-2016-1352

Published: 14/04/2016 Updated: 03/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and previous versions allow remote malicious users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

Vulnerable Product

cisco unified computing system central software 1.3(0.1)

Recent Articles

How to make Cisco UCS servers roll over and obey: Send a HTTP poke
The Register • Shaun Nichols in San Francisco • 13 Apr 2016

You will probably want to install this fix

Cisco has patched a vulnerability in its Unified Computing System (UCS) Central Software that could be exploited by miscreants to take remote control of machines. Switchzilla said that the CVE-2016-1352 flaw in the UCS web framework is considered a "high" security risk as an unauthenticated attacker can execute arbitrary commands on the targeted UCS control server by sending it a specially crafted HTTP request. Basically, if you can reach Cisco's UCS central software running on a vulnerable box,...