Published: 24/09/2013 Updated: 29/08/2017
CVSS v2 Base Score: 6.6 | Impact Score: 10 | Exploitability Score: 2.7
VMScore: 587
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239.

Affected Products

Vendor Product Versions
CiscoUnified Computing System-

Vendor Advisories

A vulnerability in the fabric interconnect (FI) of Cisco Unified Computing System could allow an authenticated, local attacker to execute arbitrary commands on the Baseboard Management Controller (BMC) with elevated privileges The vulnerability is due to improper input validation in the MCTOOLS command in the FI software An attacker could exploi ...