Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability
Vulnerability Description
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco UCS Manager Software 操作系统命令注入漏洞
Vulnerability Description
Cisco UCS 6400 Series Fabric Interconnects是美国思科(Cisco)公司的一款6400系列交换矩阵设备。 Cisco UCS Manager Software中的本地管理CLI存在操作系统命令注入漏洞,该漏洞源于程序没有对命令参数执行充分的输入验证。攻击者可借助特制的参数利用该漏洞在底层操作系统上以当前登录用户权限执行任意命令。以下产品及版本受到影响:Cisco UCS 6200 Series Fabric Interconnects;UCS 6300 Series
CVSS Information
N/A
Vulnerability Type
N/A