Command Injection Vulnerability in Cisco Unified Computing System Platform Emulator
CVE-2016-1339

7.8HIGH

Key Information:

Vendor: Cisco
Status: Unified Computing System Platform Emulator
Vendor: CVE Published:; 16 April 2016

Summary

The Cisco Unified Computing System Platform Emulator is vulnerable to command injection due to improper validation of input. Local users can exploit this vulnerability by leveraging crafted arguments on the ucspe-copy command line, potentially gaining elevated privileges. This security issue affects the specified versions of the Emulator and poses a risk to system integrity if not mitigated.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1035581

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2016
Vulnerability Reserved
Jan 4, 2016