CVE-2018-0113

CVE Database · CVE-2018-0113

CVE-2018-0113

· N/AModified

CVSS v3.1

N/A

EPSS

2.27%

Published

Feb 8, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (1)

cisco · unified_computing_system_central_softwarevulnerable

References (6)

http://www.securityfocus.com/bid/102966

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040337

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc

Vendor Advisory

http://www.securityfocus.com/bid/102966

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040337

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc

KEV Catalog EPSS Scores Vendors All CVEs