6.8 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device.
The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by sending a crafted command in the command-line interface.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit the vulnerability, the attacker may need local system access to the targeted system under the local-mgmt context. This access requirement could limit the likelihood of a successful exploit.
CPE | Name | Operator | Version |
---|---|---|---|
cisco unified computing system (managed) | eq | any | |
cisco unified computing system (managed) | eq | any |