Cisco's just posted a patch rated critical for its Unified Communications System Performance Manager.
It's an all-too-familiar issue: the Web interface has a bug that lets a remote attacker execute whatever command they want, using the HTTP GET command.
UCS Performance Manager version 2.0.0 and all prior versions are affected, and users need to upgrade to 2.0.1 as soon as possible, since there's no workaround.
The advisory is here, and the company credits German researcher Gregory Draperi for discovering the bug. ®