Cisco UCS servers can be hijacked with malicious HTTP request (Help Net Security)

2016-04-14 19:03

A data center server platform running Cisco’s Unified Computing System (UCS) Central Software can be compromised by unauthenticated, remote attackers with a single, malicious HTTP request, security researcher Gregory Draperi has discovered. The Cisco UCS platform was designed to help organizations efficiently manage distributed Cisco UCS servers at scale. Cisco UCS Central Software helps manage multiple Cisco UCS domains. The vulnerability (CVE-2016-1352) is present in the product’s web framework, and its due to improper input … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/avCUR8viVzc/

#cisco #hijacked #http #security #server #UCS #CVE-2016-1352

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-14	CVE-2016-1352	OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. network low complexity cisco CWE-78 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2046	21	1771	1669	288	3749

News URL

Related news

Related Vulnerability

Related vendor