CVE-2017-3801 - A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authen

CVE-2017-3801

Summary

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765.

References

Vulnerable Configurations

cpe:2.3:a:cisco:unified_computing_system_director:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system_director:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system_director:6.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system_director:6.0.0.1:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	96235
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs
sectrack	1037830

Last major update

03-10-2019 - 00:03

Published

15-02-2017 - 20:59

Last modified

03-10-2019 - 00:03