Borg bashes destabilising DoS bug in UCS kit

Cisco has patched a denial of service vulnerability in its unified computing platform.

The remote file-overwrite vulnerability exists in the Cisco Management Controller and Cisco UCS Director unified infrastructure software.

Borg security bods say there are no workarounds for the vulnerabilities other than to patch.

“Cisco Integrated Management Controller Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition,” they say in an advisory.

The vulnerabilities stem from lax sanitisation of input on specific JavaServer Pages (JSP) pages.

Systems running default configurations are affected. Admins should upgrade to version 1.0.0.1.

Borg boffins rate the flaw a 7.8 severity score. ®

Article source: TheReg http://go.theregister.com/feed/www.theregister.co.uk/2015/09/04/cisco_patches_overwrite_bug/