Cisco UCS Manager Software Command Injection Vulnerability
Summary
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying …
- Scope: At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco UCS Manager Software, regardless of device configuration:
- 4.1 and earlier — Migrate to a fixed release
- 4.2 — Migrate to a fixed release
- Release 4.3 (first fixed: 4.3(6f))
- Release 6.0 (first fixed: 6.0(2) (Mar 2026))
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 4.3(6f)
- 6.0(2) (Mar 2026)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 4.1 and earlier: migrate to a fixed release.
- Release 4.2: migrate to a fixed release.
- Release 4.3: upgrade to 4.3(6f).
- Release 6.0: upgrade to 6.0(2) (Mar 2026).
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.