Added: 09/13/2019
CVE: CVE-2019-1937
Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS).
An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a command injection vulnerability in the SCP User Configuration function allows an administrative user to execute operating system commands. The combination of these two vulnerabilities could allow an unauthenticated attacker to execute arbitrary commands on the system.
Upgrade to Cisco IMC Supervisor 2.2.1.0 or later, Cisco UCS Director 6.7.2.0 or later, or Cisco UCS Director Express for Big Data 3.7.2.0 or later.
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby>
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj>
<https://seclists.org/fulldisclosure/2019/Aug/36>
Exploit works on Cisco UCS Director 6.6.0 and 6.7.0.
Linux