CVE-2018-0338 | Date: (C)2018-06-08 (M)2023-12-22 |
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 7.8 | CVSS Score : 4.6 |
Exploit Score: 1.8 | Exploit Score: 3.9 |
Impact Score: 5.9 | Impact Score: 6.4 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: LOCAL | Access Vector: LOCAL |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: LOW | Authentication: NONE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: HIGH | Availability: PARTIAL |
Integrity: HIGH | |
Availability: HIGH | |
| |