lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201601201102.6.ucsm@psirt.cisco.com>
Date: Wed, 20 Jan 2016 11:02:44 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160120-ucsm

Revision: 1.0

For Public Release 2016 January 20 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco
Firepower 9000 Series appliance could allow an unauthenticated, remote
attacker to execute arbitrary commands on the Cisco Unified Computing
System (UCS) Manager or the Cisco Firepower 9000 Series appliance.

The vulnerability is due to unprotecting calling of shell commands in
the CGI script. An attacker could exploit this vulnerability by 
sending a crafted HTTP request to the Cisco UCS Manager or the Cisco 
Firepower 9000 Series appliance. An exploit could allow the attacker
to execute arbitrary commands on the Cisco UCS Manager or the Cisco
Firepower 9000 Series appliance.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVp8uUopI1I6i1Mx3AQIr8w/+JN29RVgC7M7Wlxa+YCpCNMFDdg5iiGL1
ddNXZOZqZMDKjO9K3GAWVzn3ifjvWYgXaCdd0Xwmb+xkwkmcL+eY9TRInZBJVRZr
vhSDBARQLfVec681LN3bPGn5VQKyIVRkOtRv/7YfHjfMDlhRbOircBYlIcnxLhF9
FDkhEKi3nRUrPY4Nj4SXY0F4MJKg/yo3E1rF9j1J6n3w96i8trIRtjX8DTh3QeFU
or2cshiZi91dnzhKzXj+pv6nFho+7HDx6MaUPa27Txj+kgfhc1xfQFrV0jq1ppRs
r+8clONY02XuiN4I1k0kzTLwJfyFcvDx+u18MjufS3XHStPH8FDe9BEQsSWZZ/wN
ScYiHE517uf74YOrGGpHddlSHo722HcGW7hR5W7TdBpKYluRj0CsoU7wDnQzEfs9
uQFHUInQqwD+xIPxbVDv+Ls3XOwy0LKtRfEHoWiedXhrii7/f+jV2ksiCs95qtPq
xcMLwpIeZy/URCNbcJBxhKAhonTl8IZSRhKl3QCKMQwNkDJroaJ/iR7IMulykswC
esj1aHGC3VZ3G97Wtq0XzPmAlN595jCXNfxKatFeqoUvy18QT+7eSJuVpPwWISXs
NB9ZAtzgI7YFOffrRpLlpK55wlfp77kUzgY8r1Amrm83m98ZL5mNDlFQsUFb+KRY
6Ratj6LpeVc=
=XyBj
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ