Cisco Blog » The Platform

Saturday, August 1, 2015

Cisco Notification Alert - Cisco UCS Director - For Large Scale DC - 01-Aug-2015 16:54 GMT

Software Updates for UCS Director

Product Name:
UCS Director 5.3
Software Type:
UCS Director Virtual Appliance Software
Release Version:
5
Alert Type:
New File
File Name:
cucsd_patch_5_3_1_1.zip
File Description:

Cisco UCS Director 5.3.1.1 upgrade patch

File Release Date:
03-JUL-2015
Find additional information in Software Downloads index.

Software Updates for UCS Director

Product Name:
UCS Director Express for Big Data 1.1
Software Type:
UCS Director Virtual Appliance Software
Release Version:
1
Alert Type:
New File
File Name:
cucsde_bma_patch_5_2_0_2.zip
File Description:

Cisco UCS Director Bare Metal Agent Patch for Cisco UCS Director Express for Big Data (patch needs to be applied on top of Cisco UCS Director BMA 5.2). MD5 Checksum - 85257fb1c305827a8b9782f0579a7589

File Release Date:
09-JUL-2015
Find additional information in Software Downloads index.

Known Bugs - UCS Director

Bug Id:
CSCuh87353
Title:
Directory Traversal via Unauthenticated File Upload
Description:

Symptoms:

A vulnerability in the CustomUploader of Cisco Intelligent Automation for Cloud could allow an unauthenticated attacker to upload arbitrary files to an affected device.

An attacker could exploit this vulnerability by submitting specially crafted URL requests to a vulnerable device.

Conditions:
An affected device with default configuration

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuh87398
Title:
Information Disclosure via Null Session
Description:

Symptom:
A vulnerability in Cisco UCS Director could allow an unauthenticated, remote attacker to view sensitive information.

The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting
specially crafted packets to an affected device.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C
CVE ID CVE-2014-3351 has been assigned to document this issue.

Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3351

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(0.1)
Known Fixed Releases:

Bug Id:
CSCuh87544
Title:
persistent xss - cloupia - CloudSense HTML Reports
Description:

Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Terminated
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuh87560
Title:
Persistent XSS in Cloupia Infra Manager Log
Description:

Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuh87547
Title:
persistent xss - cloupia - /app/cloudmgr/portal/approvals.html
Description:

Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuh87551
Title:
persistent xss - cloupia - /app/cloudmgr/portal/index.html
Description:

Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuh87549
Title:
persistent xss - cloupia - /app/cloudmgr/portal/userreport.html
Description:

Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuj36596
Title:
Tracking bug to address clear text password in 4.0.1.0
Description:

Symptoms:
Cleartext passwords are written in a log file
Conditions:
None
Workaround:
If they are no longer needed, delete log files.
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
4.0
Known Fixed Releases:
4.0, 4.100

Bug Id:
CSCuh87565
Title:
Persistent XSS in Cloupia Tomcat Log
Description:

Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.

Conditions:
An affected device with default configuration.

Workaround:
None

Further Problem Description:
None

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUL-2015
Known Affected Releases:
3.4(1.1)
Known Fixed Releases:

Bug Id:
CSCuv03354
Title:
Unable to Add UCSM 2.2-(5a) Account in UCSD 5.3 Appliance.
Description:

Symptom:
Unable to Add UCSM Account Version 2.2 (5a) in the UCSD Version 5.3.

Conditions:
In UCSD, under Administration -> Physical Accounts, trying to add a UCSM account of version 2.2 (5a) shows an 'Account Not Reachable' message.

Workaround:
Apply the UCSD version 5.3.1.1 patch.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
23-JUL-2015
Known Affected Releases:
5.3(0.0), 5.3(1.0), 5.3(2.0)
Known Fixed Releases:
5.3(1.1)

Find additional information in Bug Search index.

 
