Cisco patches critical exposure in management software

Cisco has patched what it called a critical vulnerability in its Unified Computing System (UCS) Performance Manager software that could let an authenticated, remote attacker execute commands.

Cisco UCS Performance Manager versions 2.0.0 and prior are affected, and the problem is resolved in Cisco UCS Performance Manager versions 2.0.1 and later. UCS Performance Manager collects information about UCS servers, network, storage, and virtual machines.

According to Cisco, the vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.