Vulnerability identifier: #VU5840
Vulnerability risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco UCS Director
Server applications /
Other server solutions
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote authenticated user to obtain elevated privileges.
The vulnerability exists due to improper role-based access control (RBAC) in web-based management interface when the Developer Menu is enabled in Cisco UCS Director. A remote authenticated user can enable Developer Mode for his/her user profile with an end-user profile and then add new catalogs with arbitrary workflow items to his/her profile.
Successful exploitation of the vulnerability will allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants.
Mitigation
Update to version 6.0.1.0.
Vulnerable software versions
Cisco UCS Director: 6.0.0.0 - 6.0.0.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.