#VU8551 Command injection in Cisco UCS Central Software - CVE-2017-12255
Published: September 21, 2017
Vulnerability identifier: #VU8551
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12255
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco UCS Central Software
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to execute arbitrary commands.
The weakness exists in the CLI of Cisco UCS Central Software due to insufficient validation of commands entered in the CLI. A local attacker can enter a specific command with specially crafted arguments and gain shell access to the system.
Remediation
Update to version 2.0(1b).