HomePentest-Tools.com Logo

Cisco UCS Central Software Arbitrary Command Execution Vulnerability CVE-2016-1352

Severity
CVSSv3 Score
9.8
Vulnerability description

A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.

Risk description

The vulnerability is due to improper input validation by the affected software.< An attacker could exploit this vulnerability by sending a malicious HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system.

Recommendation

Update to 1.3(1c)/1.4(1a) or newer

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 14, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available