CVE-2020-3167

Name of the Vulnerable Software and Affected Versions Cisco FXOS Software versions (affected versions not specified) Cisco UCS Manager Software versions (affected versions not specified)

Description The issue is related to insufficient input validation in the command-line interface of Cisco FXOS Software and Cisco UCS Manager Software. This could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user, or with root privileges on Cisco UCS 6400 Series Fabric Interconnects. An attacker could exploit this by including crafted arguments to specific commands.

Recommendations For Cisco FXOS Software, update to a version that includes the fix for this issue. For Cisco UCS Manager Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the command-line interface to minimize the risk of exploitation.