Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System Vendors:   Cisco
Cisco Unified Computing System Manager Lets Local Users Obtain Root Shell Privileges
SecurityTracker Alert ID:  1039719
SecurityTracker URL:
CVE Reference:   CVE-2017-12243   (Links to External Site)
Date:  Nov 2 2017
Impact:   Root access via local system
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Unified Computing System (UCS) Manager. A local user can obtain root privileges on the target system.

A local user can supply a specially crafted command to exploit a string validation flaw in the shell application and gain root shell privileges on the target system.

The vendor has assigned bug IDs CSCvf20741 and CSCvf60078 to this vulnerability.

Maor Shwartz and Noam Rathaus of Beyond Security reported this vulnerability.

Impact:   A local user can obtain root shell privileges on the target system.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error

Message History:   None.

 Source Message Contents



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC