Cisco Issues Security Updates for Network Management Appliances

Last week Cisco issued security updates for the following two network management systems:

  • Cisco IMC Supervisor prior to software version 1.0.0.1
  • Cisco UCS Director (formerly known as Cloupia Unified Infrastructure Controller) prior to software version 5.2.0.1

The updates address a single security issue that could allow an unauthenticated remote attacker to overwrite key system files, leaving the systems unstable and unable to perform their functions. The resulting unavailability is a denial of service (DoS) condition. The issue is caused by incorrect validation of input passed to JavaServer Pages (JSP) within the above management systems. An attacker could take advantage of this by sending specially crafted HTTP requests to these network management systems.

No workarounds are available for this vulnerability, but there are no known instances of this issue being publicly exploited. Cisco discovered this flaw during internal testing.

How Can I Protect Myself From This Issue?
If your company makes use of either of the above network management systems from Cisco, please follow the directions within this Cisco security advisory to install the necessary security updates.

Thank you.
