Cisco UCS Manager
cpe:2.3:a:cisco:ucs_manager:*:*:*:*:*:*:*
- <= 4.1
- <= 4.2
- 4.3
- 6.0
A vulnerability exists in the NX-OS CLI privilege levels of Cisco UCS Manager Software, allowing an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on the system. This issue arises from the assignment of unnecessary privileges to users. An attacker could exploit this by authenticating as a read-only user and accessing the NX-OS CLI, potentially leading to the creation or overwriting of files or the execution of limited privileged actions on the device.
Exploitation could allow the attacker to escalate privileges, enabling them to modify files or perform restricted actions on the affected system.
Cisco has released software updates to address this vulnerability. Users should upgrade to the fixed releases mentioned in the advisory. For guidance on which release to upgrade to, consult the Recommended Releases documents in the release notes for the device.