Cisco.UCS.Manager.ping.OS.Command.Injection

Description

This indicates an attack attempt against a Command Injection vulnerability in Cisco Unified Computing System Manager.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests. A remote attacker can exploit this to execute arbitrary code within context of the affected application via a crafted request.

Affected Products

Cisco Unified Computing System Manager
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's advisory for updates or workaround:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce

References