PT-2018-8619 · Cisco · Cisco Ucs Central

Published: 2018-02-08 · Updated: 2019-10-09 · CVE-2018-0113

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco UCS Central Software versions prior to 2.0(1c)
Description: A vulnerability in the operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. This issue is due to insufficient input validation. An attacker could exploit this by posting a crafted request to the "user interface" of Cisco UCS Central.
Recommendations: For versions prior to 2.0(1c), update to Release 2.0(1c) or later to resolve the issue. As a temporary workaround, consider restricting access to the user interface of Cisco UCS Central to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2018-0113

Affected products

Cisco Ucs Central