Privilege escalation in Cisco UCS Director
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-3801 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco UCS Director Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Privilege escalation
EUVDB-ID: #VU5840
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3801
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to obtain elevated privileges.
The vulnerability exists due to improper role-based access control (RBAC) in web-based management interface when the Developer Menu is enabled in Cisco UCS Director. A remote authenticated user can enable Developer Mode for his/her user profile with an end-user profile and then add new catalogs with arbitrary workflow items to his/her profile.
Successful exploitation of the vulnerability will allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants.
MitigationUpdate to version 6.0.1.0.
Vulnerable software versionsCisco UCS Director: 6.0.0.0 - 6.0.0.1
CPE2.3- cpe:2.3:a:cisco_systems:cisco_ucs_director:6.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_ucs_director:6.0.0.1:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
