exploitDog

CVE-2019-1966

Published: 30 Aug 2019
Source: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS: Low

Description

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device.

Vulnerable configurations

Configuration 1

All of

One of

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Versions up to and including 3.2
cpe:2.3:o:cisco:nx-os:4.0:*:*:*:*:*:*:*

One of

cpe:2.3:h:cisco:ucs_6248_up_fabric_interconnect:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6296_up_fabric_interconnect:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6324_fabric_interconnect:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6332-16up_fabric_interconnect:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6332_fabric_interconnect:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6454_fabric_interconnect:-:*:*:*:*:*:*:*

Configuration 2

One of

cpe:2.3:a:cisco:unified_computing_system:3.2\(3b\)a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system:4.0\(1a\)a:*:*:*:*:*:*:*

EPSS

Percentile: 46%
0.00232
Low

7.8 High

CVSS3

7.2 High

CVSS2

Weaknesses

CWE-264
NVD-CWE-noinfo

Related vulnerabilities

github
more than 3 years ago

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device.

CVSS3: 7.8

fstec
more than 6 years ago

A vulnerability in the firmware of UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects and UCS 6400 Series Fabric Interconnects routers, related to the use of extraneous subcommand options present for a specific CLI command in the local-mgmt context, allowing an attacker to elevate their privileges to root level
