Cisco Unified Computing System Central Software Privilege Escalation Vulnerability

ID CISCO-SA-20140219-CVE-2014-0730
Type cisco
Reporter Cisco
Modified 2014-02-19T22:58:48


A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device.

The vulnerability is due to improper input validation in the copy command. An attacker could exploit this vulnerability by sending a crafted command in the command-line interface.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must have local access to the targeted device. This access requirement may decrease the likelihood of a successful exploit.