Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability

2015-09-0216:00:00

tools.cisco.com

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

0.001 Low

EPSS

Percentile

45.5%

JSON

Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs”]

Affected configurations

Vulners

Node

ciscoucs_directorMatchany

ciscointegrated_management_controller_supervisorMatchany

ciscoucs_directorMatchany

ciscointegrated_management_controller_supervisorMatchany

CPENameOperatorVersion
cisco ucs directoreqany
cisco integrated management controller (imc) supervisoreqany
cisco ucs directoreqany
cisco integrated management controller (imc) supervisoreqany

Name	Operator	Version
cisco ucs director	eq	any
cisco integrated management controller (imc) supervisor	eq	any
cisco ucs director	eq	any
cisco integrated management controller (imc) supervisor	eq	any