SecurityTracker.com
Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System
Vendors:   Cisco
Cisco Unified Computing System Director Input Validation Flaw in JSP Lets Remote Authenticated Users Overwrite Arbitrary Files on the Target System
SecurityTracker Alert ID:  1033451
SecurityTracker URL:  http://securitytracker.com/id/1033451
CVE Reference:   CVE-2015-6259
Date:  Sep 2 2015
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Director, prior to 5.2.0.1
Description:   A vulnerability was reported in Cisco Unified Computing System Director. A remote authenticated user can overwrite files on the target system.

A remote authenticated user can send specially crafted HTTP requests to trigger an input validation flaw in JavaServer Pages (JSP) and overwrite arbitrary files on the target system.

The vendor has assigned Cisco bug ID CSCus62625 to this vulnerability.

Cisco Integrated Management Controller (IMC) Supervisor is also affected.

Impact:   A remote authenticated user can overwrite arbitrary files on the target system.
Solution:   The vendor has issued a fix (5.3.0.0).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability


Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability

Advisory ID: cisco-sa-20150902-cimcs

Revision 1.0

For Public Release 2015 September 2 16:00  UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======
Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs


Copyright 2019, SecurityGlobal.net LLC