What is the severity of cisco-sa-20180606-ucs-access?

The severity of cisco-sa-20180606-ucs-access is high, due to its potential for arbitrary command execution by authenticated attackers.

How do I fix cisco-sa-20180606-ucs-access?

To fix cisco-sa-20180606-ucs-access, update the Cisco Unified Computing System Software to the latest version provided by Cisco.

Who is affected by cisco-sa-20180606-ucs-access?

Authenticated users of Cisco Unified Computing System Software are affected by cisco-sa-20180606-ucs-access.

What type of attacker can exploit cisco-sa-20180606-ucs-access?

An authenticated local attacker can exploit cisco-sa-20180606-ucs-access to execute arbitrary commands on the system.

Is there a mitigation for cisco-sa-20180606-ucs-access?

Currently, the best mitigation for cisco-sa-20180606-ucs-access is to apply the recommended software updates from Cisco.

Vulnerability/
cisco-sa-20180606-ucs-access

medium

6.7

CWE

6/6/2018

cisco-sa-20180606-ucs-access: Cisco Unified Computing System Role-Based Access Vulnerability

First published: Wed Jun 06 2018(Updated: )

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access

Affected Software	Affected Version	How to fix
Cisco Unified Computing System

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2018-0338

Frequently Asked Questions

What is the severity of cisco-sa-20180606-ucs-access?
The severity of cisco-sa-20180606-ucs-access is high, due to its potential for arbitrary command execution by authenticated attackers.
How do I fix cisco-sa-20180606-ucs-access?
To fix cisco-sa-20180606-ucs-access, update the Cisco Unified Computing System Software to the latest version provided by Cisco.
Who is affected by cisco-sa-20180606-ucs-access?
Authenticated users of Cisco Unified Computing System Software are affected by cisco-sa-20180606-ucs-access.
What type of attacker can exploit cisco-sa-20180606-ucs-access?
An authenticated local attacker can exploit cisco-sa-20180606-ucs-access to execute arbitrary commands on the system.
Is there a mitigation for cisco-sa-20180606-ucs-access?
Currently, the best mitigation for cisco-sa-20180606-ucs-access is to apply the recommended software updates from Cisco.

agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
collector/cisco-advisory
source/Cisco
agent/severity
agent/references
agent/weakness
agent/title
agent/description
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco unified computing system

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.