cnvd - cnvd-2016-07728

cnvd-2016-07728

Vulnerability from cnvd

Title: Cisco Unified Computing System本地权限提升漏洞

Description:

Cisco Unified Computing System Manager可对统一计算系统内的所有软硬件组件提供统一的、嵌入式管理。

Cisco Unified Computing System (UCS) 3.0(2d)之前版本，UCS Manager及UCS 6200 Fabric Interconnects存在权限提升漏洞。本地用户通过构造的CLI输入，可获取OS根访问权限。

Severity: 中

Formal description:

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.cisco.com/web/solutions/data_center/unifiedcomputing_promo.html

Reference: http://www.securityfocus.com/bid/92956 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs

Impacted products

Name
Cisco Unified Computing System (UCS) <3.0(2d)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92956"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6402"
    }
  },
  "description": "Cisco Unified Computing System Manager\u53ef\u5bf9\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\u5185\u7684\u6240\u6709\u8f6f\u786c\u4ef6\u7ec4\u4ef6\u63d0\u4f9b\u7edf\u4e00\u7684\u3001\u5d4c\u5165\u5f0f\u7ba1\u7406\u3002\r\n\r\nCisco Unified Computing System (UCS) 3.0(2d)\u4e4b\u524d\u7248\u672c\uff0cUCS Manager\u53caUCS 6200 Fabric Interconnects\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u7528\u6237\u901a\u8fc7\u6784\u9020\u7684CLI\u8f93\u5165\uff0c\u53ef\u83b7\u53d6OS\u6839\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.cisco.com/web/solutions/data_center/unifiedcomputing_promo.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-07728",
  "openTime": "2016-09-20",
  "products": {
    "product": "Cisco Unified Computing System (UCS) \u003c3.0(2d)"
  },
  "referenceLink": "http://www.securityfocus.com/bid/92956\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-19",
  "title": "Cisco Unified Computing System\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2016-6402 (GCVE-0-2016-6402)

Vulnerability from cvelistv5

Published

2016-09-18 22:00

Modified

2024-08-06 01:29

Severity ?

CWE

Summary

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1036831	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/92956	vdb-entry, x_refsource_BID
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036831",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036831"
          },
          {
            "name": "92956",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92956"
          },
          {
            "name": "20160914 Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036831",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036831"
        },
        {
          "name": "92956",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92956"
        },
        {
          "name": "20160914 Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036831",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036831"
            },
            {
              "name": "92956",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92956"
            },
            {
              "name": "20160914 Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6402",
    "datePublished": "2016-09-18T22:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted