Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016
CVE: CVE-2014-6278
BID: 70166


GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems.

Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure.


The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a remote attacker to cause arbitrary commands to execute when Cisco UCS Manager handles specially crafted HTTPS requests.


Upgrade to Cisco UCS Manager 3.0(1d), 2.2(3b), 2.2(2e), 2.2(1f), 2.1(3f), or 2.0(5g).



Exploit works on Cisco UCS Manager 2.1(1b).
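
Added example (not part of the original advisory and not Cisco tooling): a release check that compares a UCS Manager version string against the fixed releases listed in the upgrade line above. It assumes the `X.Y(Zp)` release format used on this page, that each listed release is the first fixed patch on its own maintenance level, and that higher maintenance levels within a listed train include the fix; the host names are constructed.

```python
import re

# Fixed releases, copied from the advisory's upgrade line.
FIXED_RELEASES = ["3.0(1d)", "2.2(3b)", "2.2(2e)", "2.2(1f)", "2.1(3f)", "2.0(5g)"]

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]+)\)$")


def parse_release(text):
    """Split 'X.Y(Zp)' into ((X, Y), Z, patch_key)."""
    match = _RELEASE_RE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised UCS Manager release: {text!r}")
    major, minor, maint, patch = match.groups()
    # Order patch suffixes by length first so that 'aa' sorts after 'z'.
    return (int(major), int(minor)), int(maint), (len(patch), patch)


def build_fix_table(releases=FIXED_RELEASES):
    """Map train -> {maintenance number: first fixed patch key}."""
    table = {}
    for release in releases:
        train, maint, patch = parse_release(release)
        table.setdefault(train, {})[maint] = patch
    return table


def classify(release, table=None):
    """Return 'fixed', 'upgrade' or 'unlisted' for one release string."""
    table = build_fix_table() if table is None else table
    train, maint, patch = parse_release(release)
    fixes = table.get(train)
    if fixes is None:
        return "unlisted"  # the advisory names no fix for this train
    if maint in fixes:
        return "fixed" if patch >= fixes[maint] else "upgrade"
    # Assumption: maintenance levels above the highest listed one carry the fix,
    # and levels below a listed one never received it.
    return "fixed" if maint > max(fixes) else "upgrade"


if __name__ == "__main__":
    # Constructed inventory; 2.1(1b) is the release the advisory names as exploitable.
    for host, release in [("fi-a", "2.1(1b)"), ("fi-b", "2.2(2e)"), ("fi-c", "2.2(3a)")]:
        print(host, release, classify(release))
```

A result of `unlisted` means the advisory gives no fixed release for that train, so the vendor's own advisory should be consulted rather than assuming either outcome.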