A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote malicious user to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged malicious user to access and execute arbitrary actions through certain APIs.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco ucs director 6.7.0.0 |
||
cisco ucs director 6.7.1.0 |
||
cisco ucs director express for big data 3.7.1.0 |
||
cisco ucs director express for big data 3.7.0.0 |
Plus UCS and other gear need updates Breaker, breaker. Apple's iOS 12.4 update breaks jailbreak break, un-breaks the break. 10-4
Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers. Switchzilla's latest patch bundle includes six alerts for what it rates as critical issues, including flaws in its Small Business 220 Series switches and UCS Director software. Combined with Cisco's fixes for 'high' and 'moderate' issues, the networking giant posted a total of 33 security alerts on Wednesday. For the Small Business 220 Switches, a pair of patches address CVE-201...
Vulmon