Cisco UCS Manager Command Injection Vulnerability Allowing File Overwrite or Creation

Vulnerability

A command injection vulnerability has been identified in the CLI of Cisco UCS Manager Software. This vulnerability allows an authenticated, local attacker with administrative privileges to read, create, or overwrite any file on the file system of the underlying operating system, including system files. The issue arises from insufficient input validation of command arguments provided by the user. Exploitation of this vulnerability requires valid administrative credentials on the affected device.

Impact

Successful exploitation allows the attacker to manipulate files on the operating system, potentially overwriting critical system files or injecting malicious content that could be executed by the system.

Remediation

Cisco has released software updates to address this vulnerability. Users should consult the Cisco UCS Software release notes for upgrade instructions and to determine the best release for their environment.

Added: Aug 27, 2025, 5:36 PM
Updated: Aug 27, 2025, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 3.0
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.