CVE-2020-3173

Name of the Vulnerable Software and Affected Versions Cisco UCS Manager Software versions (affected versions not specified)

Description A vulnerability in the local management CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system. The issue is due to insufficient input validation of command arguments, which could be exploited by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user, although on Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.