1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Cisco UCS OS Command Injection

Attack: Cisco UCS OS Command Injection

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempts to execute arbitrary commands within the context of the affected application.

Additional Information

Multiple Cisco Products are prone to a local command-injection vulnerability. Specifically, this issue exists because it fails to properly sanitize user-supplied input in the shell application. An attacker could exploit this vulnerability by entering a specific command with crafted arguments to gain root privileges.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Affected

  • Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube