Summary
Cisco Unified Computing System is prone to multiple vulnerabilities.
Impact
CSCtc91207:
An attacker can exploit this issue to bypass the authentication mechanism and impersonate other users of the system. This may lead to further attacks.
CSCtd32371:
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
CSCtg48206:
Attackers can exploit this issue to cause the service to stop responding, resulting in denial-of-service conditions.
CSCtq86543:
Successful exploits will allow attackers to obtain sensitive information.
This may result in the complete compromise of the system.
CSCts53746:
An attacker can exploit this issue to bypass the authentication mechanism and gain access to the IP KVM console of the physical or virtual device.
This may lead to further attacks.
Solution
Update to 2.1.1e
Insight
These issues are being tracked by Cisco bug IDs:
CSCtc91207
CSCtd32371
CSCtg48206
CSCtq86543
CSCts53746
Affected
Cisco Unified Computing System 1.0(x)
1.1(x)
1.2(x)
1.3(x)
1.4(x)
2.0(1x) and Prior
Detection
Check the Cisco Unified Computing System Version
References
Severity
Classification
CVE: CVE-2013-1182, CVE-2013-1183, CVE-2013-1184, CVE-2013-1185, CVE-2013-1186
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C