HomePentest-Tools.com Logo

Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability CVE-2016-6402

Severity
CVSSv3 Score
7.8
Vulnerability description

A vulnerability in the command-line interface (CLI) of the Cisco Unified Computing System (UCS) Manager and UCS 6200 Series Fabric Interconnects could allow an authenticated, local attacker to access the underlying operating system with the privileges of the root user.

Risk description

The vulnerability is due to insufficient sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by bypassing policy restrictions and executing commands on the underlying operating system. The user needs to log in to the device with valid user credentials to exploit this vulnerability.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 18, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available