Cisco UCS Manager Software Command Injection Vulnerability Allowing Privilege Escalation to Root

Vulnerability

A command injection vulnerability has been identified in Cisco UCS Manager Software, affecting the CLI and web-based management interface. This vulnerability allows an authenticated, remote attacker with administrative privileges to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges. The issue arises from insufficient input validation of command arguments provided by the user. Exploitation involves authenticating to a device and submitting crafted input to the affected commands.

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the affected device's operating system with root-level privileges.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on upgrading, consult the Cisco Security Advisories page or contact the Cisco Technical Assistance Center (TAC) or your maintenance provider.

Added: Aug 27, 2025, 5:37 PM
Updated: Aug 27, 2025, 5:37 PM

Vulnerability Rating

Custom Algorithm (score per category, 0.0 to 10.0)

spread: 4.5
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.