Vulnerability addressed in Cisco IMC Supervisor and Cisco UCS Director

Cisco has released software updates for Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director to address a vulnerability – CVE-2015-6259 – that could lead to system instability or a denial-of-service (DoS) condition.

Updating to Cisco IMC Supervisor version 1.0.0.1 and Cisco UCS Director versions 5.2.0.1 and 5.3.0.0 – or later versions of all aforementioned products – should address the issue, an advisory said, adding that workarounds are not available.

“A vulnerability in JavaServer Pages (JSP) input validation routines of the Cisco IMC Supervisor and Cisco UCS Director could allow an unauthenticated, remote attacker to overwrite arbitrary files on the system,” the advisory said. “The vulnerability is due to incomplete input sanitization on specific JSP pages.”

The bug can be exploited by sending crafted HTTP requests to the affected system, the advisory said, noting that Cisco is unaware of malicious use of the vulnerability.
