Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM).
The vulnerability exists due to improper validation of string input passed to the IP/settings/ping function in the shell application. An unauthenticated, remote attacker could exploit this vulnerability through the use of malicious commands.
Affected Version:
Unified Computing System Manager
QID Detection Logic:
This unauthenticated QID transmits a "uname -a" command to verify if the system is vulnerable.
Impact
Successful exploitation allows an unauthenticated, remote attacker to obtain root shell privileges and execute arbitrary code on the targeted device.
Solution
Customers are advised to refer to cisco-sa-20171101-arce for information pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: