CVE-2020-3171

Severity
7.8 HIGH
EPSS
0.2%
top 61.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 26
Latest update: May 24

Description

A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: cisco/fxos 2.4(1.214), 2.4(1.216) +1
NVD: cisco/ucs_manager 4.0(1a)a

🔴 Vulnerability Details

2
GHSA
GHSA-r6h8-jc2c-86jf: A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local att (2022-05-24)
CVEList
Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability (2020-02-26)

📋 Vendor Advisories

1
Cisco
Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability (2020-02-26)