Your one-stop web resource providing safety and security information to manufacturers

Cisco released security updates to address multiple vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data.

A remote attacker could exploit these vulnerabilities to take control of an affected system, Cisco officials said. In all, there were 33 vulnerabilities, with six labeled critical, 15 high, and 12 medium.

One critical vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system.

The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Cyber Security

Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This vulnerability affects the following Cisco products: UCS Director releases 6.7.0.0 and 6.7.1.0, and UCS Director Express for Big Data releases 3.7.0.0 and 3.7.1.0.

In addition, there is a critical vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data that could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials.

The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system’s database.

Cisco released software updates that address this vulnerability. There are workarounds that address this vulnerability.

• This vulnerability affects Cisco IMC Supervisor releases: 2.1 and 2.2.0.0 through 2.2.0.6.
• In Cisco UCS Director releases: 6.0, 6.5, 6.6.0.0, 6.6.1.0, 6.7.0.0, and 6.7.1.0.
• Cisco UCS Director Express for Big Data releases: 3.0, 3.5, 3.6, 3.7.0.0, and 3.7.1.0

Also, a critical vulnerability is in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user.

The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.

Cisco released software updates that address this vulnerability. There are no workarounds.

• This vulnerability affects Cisco IMC Supervisor releases: 2.1, and 2.2.0.0 through 2.2.0.6.
• Cisco UCS Director releases: 5.5.0.0 through 5.5.0.2, 6.0.0.0 through 6.0.1.3, 6.5.0.0 through 6.5.0.3, 6.6.0.0 and 6.6.1.0, and 6.7.0.0 through 6.7.2.0.
• Cisco UCS Director Express for Big Data releases: 2.1.0.0 through 2.1.0.2, 3.0.0.0 through 3.0.1.3, 3.5.0.0 through 3.5.0.3, 3.6.0.0, 3.6.1.0, and 3.7.0.0 through 3.7.2.0.

Another critical vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication.

The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.

Cisco released software updates that address this vulnerability. There are no workarounds.

• This vulnerability affects Cisco IMC Supervisor releases: 2.2.0.3 through 2.2.0.6.
• Cisco UCS Director releases: 6.6.0.0, 6.6.1.0, 6.7.0.0 and 6.7.1.0.
• Cisco UCS Director Express for Big Data releases: 3.6, 3.7.0.0 and 3.7.1.0.

Other multiple critical vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system.

The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.

Cisco released software updates that address this vulnerability. There are no workarounds.

This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via HTTP and HTTPS by default.

Another critical vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files.

The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell.

Cisco released software updates that address this vulnerability. There are no workarounds.
This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.

Pin It on Pinterest

Share This