← Back to CVEs
CVE-2018-0338
HIGH7.8
Description
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/7/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
cisco:unified_computing_system
Weaknesses (CWE)
CWE-20CWE-863
References
http://www.securityfocus.com/bid/104456(psirt@cisco.com)
http://www.securitytracker.com/id/1041071(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access(psirt@cisco.com)
http://www.securityfocus.com/bid/104456(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041071(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.