Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Posted on

Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable.

The vulnerability affects the Cisco Integrated Management Controlled Supervisor and UCS Director software. The company has fixed the bug in new versions of the software, for Cisco UCS and for the UCS Director. The IMC Supervisor is designed to give customers the ability to manage other Cisco servers from a central point. The UCS Director, meanwhile, provides centralized management of software and hardware in Cisco’s Unified Computing System.


“A vulnerability in JavaServer Pages (JSP) input validation routines of the Cisco IMC Supervisor and Cisco UCS Director could allow an unauthenticated, remote attacker to overwrite arbitrary files on the system,” the Cisco advisory says.

“The vulnerability is due to incomplete input sanitization on specific JSP pages. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected system. An exploit could allow the attacker to overwrite arbitrary system files resulting in system instability.”

Cisco said there are no workarounds available for the vulnerability, but there are no known public exploits for the bug, either.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s