Cisco: CISCO-SA-20141209-CVE-2014-7989
Dec 09, 2014 - 4:38 p.m.

Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability

2014-12-09 16:38:12
tools.cisco.com
CVSS2: 6.8 Medium (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.0004 Low (Percentile: 5.1%)

Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device.

The vulnerability is due to improper input validation in the ping6 and traceroute6 commands. An attacker could exploit this vulnerability by sending a crafted command in the command-line interface.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit the vulnerability, the attacker may need local system access to the targeted system under the local-mgmt context. This access requirement could limit the likelihood of a successful exploit.

Affected configurations

cisco unified_computing_system (match: any)
OR
cisco unified_computing_system (match: any)
