Cisco has just patched a remote code execution vulnerability in the web frameworks of its Unified Computing System (UCS) Central software. The vulnerability could allow a remote attacker to execute arbitrary commands without authentication.
“The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” Cisco said in an advisory. “An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.”
Cisco UCS Central Software versions 1.2 and earlier are confirmed to have been affected by the vulnerability. Cisco says they have not seen evidence that this vulnerability has been exploited.
Cisco has already released a free software update here: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc