发布日期：2019-08-20
更新日期：2019-08-23

受影响系统：

Cisco UCS Director 6.7.0.0－6.7.1.0
Cisco UCS Director 6.7.0.0 – 6.7.2.0
Cisco UCS Director 6.6.0.0－6.6.1.0
Cisco UCS Director 6.5
Cisco UCS Director 6.0
Cisco IMC Supervisor 2.2.0.0－2.2.0.6
Cisco IMC Supervisor 2.1
Cisco UCS Director Express for Big Data 3.7.1.0
Cisco UCS Director Express for Big Data 3.7.0.0
Cisco UCS Director Express for Big Data 3.6
Cisco UCS Director Express for Big Data 3.5
Cisco UCS Director Express for Big Data 3.0

描述：

---

CVE(CAN) ID: CVE-2019-1936

Cisco Integrated Management Controller（IMC）是一套用于对UCS（统一计算系统）进行管理的软件。

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, Cisco UCS Director Express for Big Data中存在安全漏洞，可使经身份验证的远程攻击者以root用户权限在下层Linux shell上执行任意代码。

<*来源：Cisco
　
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmd
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20190821-imcs-ucs-cmdinj）以及相应补丁:
cisco-sa-20190821-imcs-ucs-cmdinj：Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmd

浏览次数：1504
严重程度：0（网友投票）