9 - cisco-sa-20160720-ucsperf

A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands.

The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXj4blAAoJEK89gD3EAJB5fxUP/3IUSqmwPNOO0uzEISZsClbP eV1sWplfvIR0+D/ZehXwg5I5Bjla77t0YUmqa2OlqmmGUA6etCsz1CAJhYI99jhV dBTVjzIJ7/gaEqZq9SpiYwcqTe/5mU8vhJwt8T/x0GfS7qvPMAPxGmiS8NijZN1m O2aUYZOi3tjxwrYM72NtdjKMcxVJ4HhvwPA8QcUV+b+B8MgMwDp9i7zaJHldLJAB dAOUoIMmqSrsTjp5QX+oBv77XMoL6489hPNF0Kdt2ysIlcJDMQFn9Mv2PM76rolT d/v91W3FWA43X5BnZISHxh+YKLSxli4sHXKR2H3nDhrhZml9e9FwyvQBmKGAStb +IUJPfFkkFt/y/QHQiPx98MoW1bwaq7jarpihGearGcm6IKWw7op+c1xPVaKI6j/W 3zLObIbqHItCCE+62Qb6PLYTzaX/EyKtwpOsEiHZmPMsVyEFGsb57HyS4cS3Orm4 nlzxZRkv6VGfEx6uWr2VasD2pXUBEMY3fv9QJ/1fGcZokdaw0F+NwT89JhYd5nRE nAwxCi2E9lVpI+pZOYlWwjkKCdLn5Tl0Xefqxz9q5u/URcWKPSLwOkQ7ZY3ajM9x LBMhU3ub+H/rms6sykXRERawO/pCnwzDEh4LvoRocd3bM9s3pLKiV3KWJAQxIQE3 y0TbOx9qKJpsZO3Kwywy =dBY7 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com