The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | * | 1.0 (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.1 (including) | 1.1 (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1c) (including) | 1.3(1c) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1m) (including) | 1.3(1m) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1n) (including) | 1.3(1n) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1o) (including) | 1.3(1o) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1p) (including) | 1.3(1p) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1q) (including) | 1.3(1q) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1t) (including) | 1.3(1t) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1w) (including) | 1.3(1w) (including) |
| Unified_computing_system_infrastructure_and_unified_computing_system_software | Cisco | 1.3(1y) (including) | 1.3(1y) (including) |