Improper input validation in Cisco Unified_computing_system
CVE-2017-12255
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Br…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.001 (19.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Unified_computing_system — versions 1.5\(1c\)
- N/a Cisco Ucs Central Software — versions Cisco UCS Central Software
Weakness classification (CWE)
References
- psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2017-12255?
- CVE-2017-12255 is a medium-severity vulnerability in Cisco Unified_computing_system, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2017-09-21.
- How severe is CVE-2017-12255?
- Medium severity. CVSS v3 base score is 6.7 out of 10.