Cisco UCS servers can be hijacked with malicious HTTP request (Help Net Security)
2016-04-14 19:03

A data center server platform running Cisco’s Unified Computing System (UCS) Central Software can be compromised by unauthenticated, remote attackers with a single, malicious HTTP request, security researcher Gregory Draperi has discovered. The Cisco UCS platform was designed to help organizations efficiently manage distributed Cisco UCS servers at scale. Cisco UCS Central Software helps manage multiple Cisco UCS domains. The vulnerability (CVE-2016-1352) is present in the product’s web framework, and it's due to improper input …


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/avCUR8viVzc/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-14 | CVE-2016-1352 | OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1). Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. (network, low complexity, cisco, CWE-78) | 7.5 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Cisco | | 4442 | 231 | 3052 | 1816 | 604 | 5703 |