Vulnerability Description
A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ucs Manager | 4.0\(1a\)a |
| Cisco | Ucs 6248Up | - |
| Cisco | Ucs 6296Up | - |
| Cisco | Ucs 6324 | - |
| Cisco | Ucs 6332 | - |
| Cisco | Ucs 6332-16Up | - |
| Cisco | Ucs 64108 | - |
| Cisco | Ucs 6454 | - |
| Cisco | Fxos | 2.4\(1.214\) |
| Cisco | Firepower 2110 | - |
| Cisco | Firepower 2120 | - |
| Cisco | Firepower 2130 | - |
| Cisco | Firepower 2140 | - |
| Cisco | Firepower 4110 | - |
| Cisco | Firepower 4115 | - |
| Cisco | Firepower 4120 | - |
| Cisco | Firepower 4125 | - |
| Cisco | Firepower 4140 | - |
| Cisco | Firepower 4145 | - |
| Cisco | Firepower 4150 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2020-3171?
CVE-2020-3171 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underly...
How severe is CVE-2020-3171?
CVE-2020-3171 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3171?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ucs Manager, Cisco Ucs 6248Up, Cisco Ucs 6296Up, Cisco Ucs 6324, Cisco Ucs 6332.