This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2018-02-08
Product Unified Computing System Central Software Last view 2018-02-08
Version 1.5(1c) Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:unified_computing_system_central_software

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2018-02-08 CVE-2018-0113

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-20 Improper Input Validation

Snort® IPS/IDS

Date Description
2018-02-08 Cisco UCS Central recvbackup.cgi command injection attempt
RuleID : 45622 - Type : SERVER-WEBAPP - Revision : 1
2018-02-08 Cisco UCS Central recvbackup.cgi command injection attempt
RuleID : 45621 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2018-03-06 Name: An infrastructure management application running on the remote host is affect...
File: cisco-sa-20180207-ucsc.nasl - Type: ACT_GATHER_INFO