Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765.
CVSS Information
N/A
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
Cisco UCS Director 权限许可和访问控制问题漏洞
Vulnerability Description
Cisco UCS Director(前称Cisco Cloupia)是美国思科(Cisco)公司的一套融合基础设施管理解决方案。该方案支持用户从单一管理控制台管理计算能力、网络服务、存储和虚拟机,以更快速和低成本地部署和发布IT服务。 Cisco UCS Director 6.0.0.0版本和6.0.0.1版本中存在提权漏洞,该漏洞源于程序没有正确的执行role-based访问权限控制。本地攻击者可利用该漏洞执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A