PT-2018-8619 · Cisco · Cisco UCS Central

Published: 2018-02-08 · Updated: 2019-10-09 · CVE-2018-0113

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco UCS Central Software versions prior to 2.0(1c)
Description: A vulnerability in the operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The issue is due to insufficient input validation. An attacker could exploit it by posting a crafted request to the user interface of Cisco UCS Central.
Recommendations: For versions prior to 2.0(1c), update to Release 2.0(1c) or later to resolve the issue. As a temporary workaround, consider restricting access to the user interface of Cisco UCS Central to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-0113

Affected Products

Cisco UCS Central