cisco-sa-20200226-fxos-ucs-cmdinj: Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability
First published: Wed Feb 26 2020(Updated: )
A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ASA Software | =9.13<9.13.1.7=9.12<9.12.3.7=9.10<9.10.1.37>=9.8<=9.9<9.9.2.66 | 9.13.1.7 9.12.3.7 9.10.1.37 9.9.2.66 |
| Cisco FTD Software | >=6.2.2<=6.2.3<6.2.3.16 (Apr 2020) | 6.2.3.16 (Apr 2020) |
| Cisco FX-OS | =2.4<2.4.1.234=2.3<2.3.1.144>=Earlier than 2.2<=2.2<2.2.2.97 | 2.4.1.234 2.3.1.144 2.2.2.97 |
| Cisco Unified Computing System (UCS) | =4.0<4.0(4g)>=Earlier than 3.2<=3.2<3.2(3n) | 4.0(4g) 3.2(3n) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20200226-fxos-ucs-cmdinj?
The severity of cisco-sa-20200226-fxos-ucs-cmdinj is high with a CVSS score of 7.8.
How can an attacker exploit cisco-sa-20200226-fxos-ucs-cmdinj?
An attacker can exploit cisco-sa-20200226-fxos-ucs-cmdinj by executing arbitrary commands on the underlying operating system through the CLI.
Which software versions are affected by cisco-sa-20200226-fxos-ucs-cmdinj?
The following software versions are affected by cisco-sa-20200226-fxos-ucs-cmdinj: Cisco ASA Software 9.13 up to 9.13.1.7, 9.12 up to 9.12.3.7, 9.10 up to 9.10.1.37, and 9.8 up to 9.9.2.66; Cisco FTD Software 6.2.2 up to 6.2.3, and 6.2.3 up to 6.2.3.16 (Apr 2020); Cisco FXOS Software 2.3 up to 2.3.1.144, 2.2 up to 2.2.2.97, and earlier than 2.2; Cisco UCS Software Earlier than 3.2 up to 3.2, and 4.0 up to 4.0(4g), 3.2 up to 3.2(3n).
How do I fix cisco-sa-20200226-fxos-ucs-cmdinj?
To fix cisco-sa-20200226-fxos-ucs-cmdinj, update your software to the specified versions: Cisco ASA Software should be updated to version 9.13.1.7, 9.12.3.7, 9.10.1.37, or 9.9.2.66; Cisco FTD Software should be updated to version 6.2.3.16 (Apr 2020); Cisco FXOS Software should be updated to version 2.4.1.234, 2.3.1.144, or 2.2.2.97; Cisco UCS Software should be updated to version 4.0(4g) or 3.2(3n).
Where can I find more information about cisco-sa-20200226-fxos-ucs-cmdinj?
You can find more information about cisco-sa-20200226-fxos-ucs-cmdinj on the Cisco Security Advisory website: [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj).
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asa software
- version/cisco asa software/9.13
- version/cisco asa software/9.12
- version/cisco asa software/9.10
- version/cisco asa software/9.8
- version/cisco asa software/9.9
- canonical/cisco ftd software
- version/cisco ftd software/6.2.2
- version/cisco ftd software/6.2.3
- canonical/cisco fx-os
- version/cisco fx-os/2.4
- version/cisco fx-os/2.3
- version/cisco fx-os/earlier than 2.2
- version/cisco fx-os/2.2
- canonical/cisco unified computing system (ucs)
- version/cisco unified computing system (ucs)/4.0
- version/cisco unified computing system (ucs)/earlier than 3.2
- version/cisco unified computing system (ucs)/3.2