Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability

A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Cisco FXOS Software和Cisco UCS Manager 操作系统命令注入漏洞

Cisco FXOS Software是美国思科（Cisco）公司的一套运行在思科安全设备中的防火墙软件。 Cisco FXOS Software和Cisco UCS Manager Software中本地管理的CLI存在操作系统命令注入漏洞，该漏洞源于没有进行充分的输入验证。本地攻击者可借助特制的参数利用该漏洞在底层操作系统上以当前用户权限执行任意命令。以下产品及版本受到影响：Cisco Firepower 2100 Series；Firepower 4100 Series；Firepower 9300

N/A

N/A