CVE-2016-1352

Name of the Vulnerable Software and Affected Versions Cisco Unified Computing System (UCS) Central Software versions 1.3(1b) and earlier

Description The issue allows remote attackers to execute arbitrary OS commands via a crafted HTTP request. This is due to the system's failure to neutralize special elements used in the OS command. Exploitation of the issue may allow a remote attacker to execute arbitrary OS commands using a specially crafted HTTP request.

Recommendations For Cisco Unified Computing System (UCS) Central Software versions 1.3(1b) and earlier, update to a version later than 1.3(1b) to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.