Vulnerability addressed in Cisco IMC Supervisor and Cisco UCS Director

Cisco released software updates to address a vulnerability that can lead to system instability or a denial-of-service condition.

Cisco has released software updates for Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director to address a vulnerability – CVE-2015-6259 – that could lead to system instability or a denial-of-service (DoS) condition.

Updating to Cisco IMC Supervisor version 1.0.0.1 and Cisco UCS Director versions 5.2.0.1 and 5.3.0.0 – or later versions of all aforementioned products – should address the issue, an advisory said, adding that workarounds are not available.

“A vulnerability in JavaServer Pages (JSP) input validation routines of the Cisco IMC Supervisor and Cisco UCS Director could allow an unauthenticated, remote attacker to overwrite arbitrary files on the system,” the advisory said. “The vulnerability is due to incomplete input sanitization on specific JSP pages.”

The bug can be exploited by sending crafted HTTP requests to the affected system, the advisory said, noting that Cisco is unaware of malicious use of the vulnerability.
