CVE-2018-0113: Input Validation
First published: Thu Feb 08 2018(Updated: )
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco UCS Central Software | =1.5\(1c\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0113?
CVE-2018-0113 is a vulnerability in an operations script of Cisco UCS Central that could allow an authenticated remote attacker to execute arbitrary shell commands with the privileges of the daemon user.
What is the severity of CVE-2018-0113?
The severity of CVE-2018-0113 is high, with a severity value of 8.8.
How can an attacker exploit CVE-2018-0113?
An attacker can exploit CVE-2018-0113 by posting malicious input to the vulnerable script.
What is the affected software?
The affected software is Cisco Unified Computing System Central Software version 1.5(1c).
How can I fix CVE-2018-0113?
To fix CVE-2018-0113, Cisco recommends applying the necessary updates and patches provided in the security advisory.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/references
- agent/author
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ucs central software
- version/cisco ucs central software/1.5\(1c\)