CVE-2018-0113

Severity
8.8 HIGH
EPSS
1.1%
top 21.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 8
Latest update: May 13

Description

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco_ucs_central | Cisco UCS Central

🔴 Vulnerability Details

2
GHSA
GHSA-4vp2-8c9h-5h96: A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with th
2022-05-13
CVEList
CVE-2018-0113: A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with th
2018-02-08

📋 Vendor Advisories

1
Cisco
Cisco UCS Central Arbitrary Command Execution Vulnerability
2018-02-08