Borg bashes destabilising DoS bug in UCS kit
No workaround, so it's 'patch or chuck it in the bin'
Cisco has patched a denial of service vulnerability in its unified computing platform.
The remote file-overwrite vulnerability exist in the Cisco Management Controller and Cisco UCS Director unified infrastructure software.
Borg security bods say there are no workarounds for the vulnerabilities other than to patch.
"Cisco Integrated Management Controller Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition," they say in an advisory.
The vulnerabilities exist in JavaServer Pages input thanks to lax sanitisation of specific JSP pages.
Systems running default configurations are affected. Admins should upgrade to version 126.96.36.199 are affected.
Borg boffins rate the flaw a 7.8 severity score. ®