
=====================================================================

                           CERT-Renater

                Information Note No. 2015/VULN068
_____________________________________________________________________

DATE                : 07/05/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco UCS Central Software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
______________________________________________________________________

Cisco Security Advisory: Cisco UCS Central Software Arbitrary Command
Execution Vulnerability

Advisory ID: cisco-sa-20150506-ucsc

Revision 1.0

For Public Release 2015 May 6 16:00 UTC (GMT)

+----------------------------------------------------------------------

Summary
=======

A vulnerability in the web framework of Cisco UCS Central Software could
allow an unauthenticated, remote attacker to execute arbitrary commands
on an affected device.

The vulnerability is due to improper input validation. An attacker could
exploit this vulnerability by sending a crafted HTTP request to an
affected device. An exploit could allow the attacker to execute
arbitrary commands on the underlying operating system with the
privileges of the root user.

Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are not
available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
