A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local malicious user to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An attacker could exploit this vulnerability by inserting Linux shell commands into a parameter using common techniques. A successful exploit could allow the malicious user to execute any command on the Linux shell as the root user. The attacker could also gain complete access to the underlying operating system by obtaining an interactive Linux shell as the root user. Cisco has confirmed the vulnerability in a security notice and has released software updates. To exploit this vulnerability, an attacker requires authenticated access to the targeted system. Authenticated access may require the malicious user to access trusted, internal networks. These access requirements could limit the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco unified computing system - |
Vulmon