====================================================================

                                CERT-Renater

                   Note d'Information No. 2016/VULN035
_____________________________________________________________________

DATE                : 22/01/2016

HARDWARE PLATFORM(S): Cisco UCS Manager, Cisco Firepower 9000 Series
                                     appliance.

OPERATING SYSTEM(S): Cisco UCS Manager software, Cisco Firepower 9000
                                  Series software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
_____________________________________________________________________

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote 
Command Execution Vulnerability

Advisory ID: cisco-sa-20160120-ucsm

Revision: 1.0

For Public Release 2016 January 20 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco
Firepower 9000 Series appliance could allow an unauthenticated, remote
attacker to execute arbitrary commands on the Cisco Unified Computing
System (UCS) Manager or the Cisco Firepower 9000 Series appliance.

The vulnerability is due to unprotecting calling of shell commands in
the CGI script. An attacker could exploit this vulnerability by
sending a crafted HTTP request to the Cisco UCS Manager or the Cisco
Firepower 9000 Series appliance. An exploit could allow the attacker
to execute arbitrary commands on the Cisco UCS Manager or the Cisco
Firepower 9000 Series appliance.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================