CVE-2018-0113
published 2018-02-08
Priority P3 · 57 · high · 8.8 · CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.27% (80.9th percentile)
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ucs_central | — | — |
| cisco | unified_computing_system_central_software | — | — |
CVSS provenance
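| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_cisco | — | 8.8 | HIGH | — |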
GHSA
GHSA-4vp2-8c9h-5h96
ghsa_unreviewed·2022-05-13
CVE-2018-0113 [HIGH] CWE-20 GHSA-4vp2-8c9h-5h96
Cisco
Cisco UCS Central Arbitrary Command Execution Vulnerability
vendor_cisco·2018-02-08·CVSS 8.8
CVE-2018-0113 [HIGH] CWE-20 Cisco UCS Central Arbitrary Command Execution Vulnerability
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc
CVSS: 3.0
CWE: CWE-20
Bug IDs: CSCve70825
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/102966
http://www.securitytracker.com/id/1040337
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc
Published: 2018-02-08