Cisco has released software updates for Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director to address a vulnerability – CVE-2015-6259 – that could lead to system instability or a denial-of-service (DoS) condition.
Updating to Cisco IMC Supervisor version 126.96.36.199 and Cisco UCS Director versions 188.8.131.52 and 184.108.40.206 – or later versions of all aforementioned products – should address the issue, an advisory said, adding that workarounds are not available.
“A vulnerability in JavaServer Pages (JSP) input validation routines of the Cisco IMC Supervisor and Cisco UCS Director could allow an unauthenticated, remote attacker to overwrite arbitrary files on the system,” the advisory said. “The vulnerability is due to incomplete input sanitization on specific JSP pages.”
The bug can be exploited by sending crafted HTTP requests to the affected system, the advisory said, noting that Cisco is unaware of malicious use of the vulnerability.