Bash environment variable command injection in Cisco UCS Manager

2016-03-24T00:00:00
ID SAINT:CCCF00F03F04F011364CEB0E35290350
Type saint
Reporter SAINT Corporation
Modified 2016-03-24T00:00:00

Description

Added: 03/24/2016
CVE: CVE-2014-6278
BID: 70166

Background

GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems.

Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure.

Problem

The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a remote attacker to cause arbitrary commands to execute when Cisco UCS Manager handles specially crafted HTTPS requests.

Resolution

Upgrade to Cisco UCS Manager 3.0(1d), 2.2(3b), 2.2(2e), 2.2(1f), 2.1(3f), or 2.0(5g).

References

<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash>

Limitations

Exploit works on Cisco UCS Manager 2.1(1b).