Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified
Computing System fabric interconnect devices could allow an
unauthenticated, remote attacker to execute arbitrary commands on the
underlying operating system.

The vulnerability is due to
unfiltered input in the initial configuration script. An attacker could
exploit this vulnerability by entering invalid parameters during initial
setup. A successful exploit could allow the attacker to execute
arbitrary commands on the underlying operating system with the privileges of the daemon user.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.