Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack.

The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by executing a man-in-the-middle attack. An exploit could allow the attacker to view or modify traffic on the KVM video channel.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.