Role-based Access Flaw in Cisco Unified Computing System Director
CVE-2017-3817

4.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Ucs Director
Vendor
CVE Published:
7 April 2017

Summary

A flaw in the role-based resource checking feature of Cisco Unified Computing System (UCS) Director allows an authenticated remote attacker to gain access to unauthorized information regarding any virtual machine within a UCS domain. This vulnerability could lead to exposure of sensitive data and must be addressed promptly to maintain security integrity. Known affected versions include 5.5(0.1) and 6.0(0.0).

Affected Version(s)

Cisco UCS Director Cisco UCS Director

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038194
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97430
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.