
UCS Central security threat

Walter Dey
VIP Alumni

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0701

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Can someone from TAC confirm whether this is fixed in 1.3.1a? According to the bug report (see below), it's not.

Cisco Bug: CSCut46961 - Cisco UCS Central Software Arbitrary Command Execution Vulnerability

Last Modified

May 06, 2015

Product

Cisco UCS Central Software

Known Affected Releases

1.2(1d)

Accepted Solutions

jvanewyk
Cisco Employee

As per the NIST report, this applies to UCS Central versions before 1.3(1a). According to the Cisco Bug ID CSCut46961, it was fixed in UCS Central 1.3(1a), consistent with the NIST statement as well.

Cheers,

Jacob Van Ewyk

UCS Management product manager
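
The "before 1.3(1a)" boundary discussed in this thread, as an added example for checking an inventory of UCS Central releases (not part of the original posts and not Cisco code). It assumes releases sort by major, minor, maintenance number and then patch letter, and it accepts both the `1.3(1a)` and `1.3.1a` spellings used above; the host names are constructed placeholders.

```python
import re

# Assumed layout of a UCS Central release string: major.minor(maintenance + patch letters),
# e.g. "1.3(1a)". The dotted spelling "1.3.1a" used in the question is accepted too.
_RELEASE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\((\d+)([a-z]*)\)|\.(\d+)([a-z]*))\s*$", re.I
)

# First fixed release per the NVD text and CSCut46961, as quoted on this page.
FIXED_IN = "1.3(1a)"


def parse_release(text):
    """Return a sortable tuple (major, minor, maintenance, patch) or raise ValueError."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    maint = int(m.group(3) or m.group(5))
    patch = (m.group(4) or m.group(6) or "").lower()
    return (major, minor, maint, patch)


def is_affected(release, fixed_in=FIXED_IN):
    """True when `release` sorts strictly before the first fixed release."""
    return parse_release(release) < parse_release(fixed_in)


def triage(inventory):
    """Split {host: release} into affected, fixed and unparseable hosts."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, release in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(release) else "fixed"
        except ValueError:
            bucket = "unknown"  # never silently count a bad string as fixed
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = {"ucsc-lab": "1.2(1d)", "ucsc-prod": "1.3(1a)",
              "ucsc-dr": "1.3.1a", "ucsc-old": "n/a"}
    print(triage(sample))
```

Hosts that land in `unknown` need a manual check rather than being assumed patched.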
