Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device.    This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device with root-level privileges.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Cisco UCS Manager Software 操作系统命令注入漏洞

Cisco UCS Manager Software是美国思科（Cisco）公司的一款设备管理软件。 Cisco UCS Manager Software存在操作系统命令注入漏洞，该漏洞源于对用户提供的命令参数输入验证不足，可能导致具有管理权限的攻击者执行任意命令。

N/A

N/A