Privilege Escalation Vulnerability in Cisco UCS Director by Cisco Systems
CVE-2017-3801

8.8HIGH

Key Information:

Vendor

Cisco
Status
Cisco Ucs Director Versions 6.0.0.0 And 6.0.0.1
Vendor
CVE Published:
15 February 2017

What is CVE-2017-3801?

A vulnerability exists in the web-based GUI of Cisco UCS Director, which could be exploited by an authenticated local attacker. This flaw arises from improper role-based access control (RBAC) after enabling the Developer Menu. By activating Developer Mode in an end-user profile, the attacker can create new catalogs containing arbitrary workflow items, enabling them to execute any listed actions. Such actions could potentially affect other tenants within the system, posing significant risks to overall system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco UCS Director 6.0.0.0 and 6.0.0.1 Cisco UCS Director versions 6.0.0.0 and 6.0.0.1

References

http://www.securitytracker.com/id/1037830
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96235
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.