CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:C/I:N/A:N
EPSS
Percentile
5.1%
A vulnerability in the fabric interconnect of the Cisco Unified
Computing System could allow an authenticated, local attacker to view
arbitrary files on the underlying filesystem.
The vulnerability
is due to improper filtering of user-supplied parameters. An attacker
could exploit this vulnerability by providing invalid parameters to
certain command-line interface (CLI) commands. An exploit could allow the attacker to view files
on the underlying filesystem with elevated privileges.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must have local access to a targeted device, which may reside on trusted, internal networks behind firewall restrictions. These access requirements decrease the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_computing_system | any | cpe:2.3:h:cisco:unified_computing_system:any:*:*:*:*:*:*:* |