HomePentest-Tools.com Logo

Cisco UCS Manager Debug Plug-in Privilege Escalation Vulnerability CVE-2017-6598

Severity
CVSSv3 Score
6.7
Vulnerability description

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager could allow an authenticated, local attacker to execute arbitrary commands.

Risk description

The vulnerability is due to inadequate integrity checks for the debug plug-in. An attacker could exploit this vulnerability by crafting a debug plug-in and loading it using elevated privileges. An exploit could allow the attacker to run malicious code that would allow for the execution of arbitrary commands as root.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 7, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available