A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device.
The vulnerability is due to improper input validation in the copy command. An attacker could exploit this vulnerability by sending a crafted command in the command-line interface.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker must have local access to the targeted device. This access requirement may decrease the likelihood of a successful exploit.