Executive Summary

Title Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
Name cisco-sa-20150902-cimcs First vendor Publication 2015-09-02
Vendor Cisco Last vendor Modification 2015-09-02
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:C/A:C)
Cvss Base Score 9.4 Attack Range Network
Cvss Impact Score 9.2 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVecfnYpI1I6i1Mx3AQJNLhAAv2JmmTi39Ct3ih17a1XmdKxZxDhb33W0 ++lYBipYbO9zgH6HaRjAX/CxG09vglgv3tyeEquFtVCGvBEs0x/PC8w7wig+VzlH nXc8OgOMJlAnCuIn81cQra2SWtmVU2oaAbcQS9p3/uDNB3op+cPvkDJFTet9UX72 HC1CItpmUDWefKW44xeGNQ+8IsMBkBxOdHiyDmucu1zLXcg9hpxr56LDpDd8i61U kJorlCVMnWrTzbgV1jtILxQ73PE2tlKyaVZamks2ODzF1wj4E8dkfAAiOHKCPMaP BWSztYrybAfRbAqfkA+2FpOe6Cgd8S4O+01+4CbOwWjRpoqZhkVFnQgu21AymYxe 4q3y7KWw2IKLCrmHnjFlWs3687uoxUaxIiyxXozn/7U8bU05lh1c9eZH0KY+9cBo O9VsM/d0YN68JaI5PDpAlqXssS9qYUrEbFu3Rdus2ss87yZi27e1Q4N9hMyJ1fo0 Wu6OqiuHLD1JTv059dXPDfmgDvt+0zuilmWoGKY5i7OAbSw8GhQVJ9Q3wdBdfYeX 8cBO+tt0xvVTMOz9mpBRx5a9dJXUo/Z5L5mi7n9jtfqqvrR9iDjZR3xVTqYXh+6M Xtj0Q0J/VZV+ZCVWz0xXJoqBvtPnw47xbMcx7n1t8jR8bgk9+MS/0/E/cV1239K/ 0JdOpPTLlXM= =1xLQ END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Application 2
Application 10

Snort® IPS/IDS

Date Description
2015-09-03 Cisco Integrated Management Controller and UCS Director directory traversal a...
RuleID : 35941 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
Date Informations
2015-09-04 21:32:25
  • Multiple Updates
2015-09-03 21:24:08
  • Multiple Updates
2015-09-02 21:24:31
  • First insertion