Vulnerability Details: CVE-2018-0113
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.
Vulnerability category: Input validation
Products affected by CVE-2018-0113
- cpe:2.3:a:cisco:unified_computing_system_central_software:1.5\(1c\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0113
- 0.27%: probability of exploitation activity in the next 30 days
- ~67%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2018-0113
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2018-0113
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by:
  - nvd@nist.gov (Primary)
  - ykramarz@cisco.com (Secondary)
References for CVE-2018-0113
- http://www.securitytracker.com/id/1040337
  Cisco UCS Central Input Validation Flaw in an Operations Script Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System - SecurityTracker (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc
  Cisco UCS Central Arbitrary Command Execution Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/102966
  Cisco UCS Central Software CVE-2018-0113 Remote Command Execution Vulnerability (Third Party Advisory; VDB Entry)