CVE-2020-3171

Name of the Vulnerable Software and Affected Versions Cisco FXOS Software (affected versions not specified) Cisco UCS Manager Software (affected versions not specified)

Description A vulnerability in the local management CLI of the affected software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The issue is due to insufficient input validation, allowing an attacker to exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user, except on Cisco UCS 6400 Series Fabric Interconnects where the injected commands are executed with root privileges.

Recommendations For Cisco FXOS Software, update to a version that includes the fix for this issue. For Cisco UCS Manager Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the local management CLI to minimize the risk of exploitation.