SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System Vendors:   Cisco
Cisco Unified Computing System Manager Lets Local Users Obtain Root Shell Privileges
SecurityTracker Alert ID:  1039719
SecurityTracker URL:  http://securitytracker.com/id/1039719
CVE Reference:   CVE-2017-12243   (Links to External Site)
Date:  Nov 2 2017
Impact:   Root access via local system
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Unified Computing System (UCS) Manager. A local user can obtain root privileges on the target system.

A local user can supply a specially crafted command to exploit a string validation flaw in the shell application and gain root shell privileges on the target system.

The vendor has assigned bug IDs CSCvf20741 and CSCvf60078 to this vulnerability.

Maor Shwartz and Noam Rathaus of Beyond Security reported this vulnerability.

Impact:   A local user can obtain root shell privileges on the target system.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC