CVE-2014-0104

Name of the Vulnerable Software and Affected Versions fence-agents versions prior to 4.0.17

Description The issue is related to the fence cisco ucs.py script in fence-agents, which does not verify remote SSL certificates. This can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.

Recommendations For versions prior to 4.0.17, update to version 4.0.17 or later to resolve the issue. As a temporary workaround, consider disabling the fence cisco ucs.py script until a patch is available. Restrict access to the script to minimize the risk of exploitation.