6
CVE-2025-20295
- EPSS 0.03%
- Veröffentlicht 27.08.2025 16:23:29
- Zuletzt bearbeitet 29.08.2025 16:24:09
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files. This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Unified Computing System (Managed)
Default Statusunknown
Version
4.0(1a)
Status
affected
Version
4.1(1d)
Status
affected
Version
4.0(4f)
Status
affected
Version
4.0(4c)
Status
affected
Version
4.0(2b)
Status
affected
Version
4.1(2a)
Status
affected
Version
4.0(4a)
Status
affected
Version
4.0(4e)
Status
affected
Version
3.2(3p)
Status
affected
Version
4.0(4h)
Status
affected
Version
3.2(3d)
Status
affected
Version
3.2(3l)
Status
affected
Version
3.2(3o)
Status
affected
Version
4.0(2a)
Status
affected
Version
4.1(1c)
Status
affected
Version
4.0(1b)
Status
affected
Version
3.2(3j)
Status
affected
Version
3.2(2e)
Status
affected
Version
4.1(1e)
Status
affected
Version
4.0(4d)
Status
affected
Version
3.2(1d)
Status
affected
Version
3.2(3i)
Status
affected
Version
4.0(4b)
Status
affected
Version
4.0(2e)
Status
affected
Version
4.1(1a)
Status
affected
Version
3.2(3h)
Status
affected
Version
4.0(4g)
Status
affected
Version
3.2(2c)
Status
affected
Version
3.2(3k)
Status
affected
Version
3.2(3g)
Status
affected
Version
3.2(2b)
Status
affected
Version
4.0(1d)
Status
affected
Version
3.2(3a)
Status
affected
Version
4.0(1c)
Status
affected
Version
3.2(3e)
Status
affected
Version
3.2(2d)
Status
affected
Version
4.0(4i)
Status
affected
Version
3.2(2f)
Status
affected
Version
4.0(2d)
Status
affected
Version
4.1(1b)
Status
affected
Version
3.2(3n)
Status
affected
Version
3.2(3b)
Status
affected
Version
4.1(2b)
Status
affected
Version
4.0(4k)
Status
affected
Version
4.1(3a)
Status
affected
Version
4.1(3b)
Status
affected
Version
4.1(2c)
Status
affected
Version
4.0(4l)
Status
affected
Version
4.1(4a)
Status
affected
Version
4.1(3c)
Status
affected
Version
4.1(3d)
Status
affected
Version
4.2(1c)
Status
affected
Version
4.2(1d)
Status
affected
Version
4.0(4m)
Status
affected
Version
4.1(3e)
Status
affected
Version
4.2(1f)
Status
affected
Version
4.1(3f)
Status
affected
Version
4.2(1i)
Status
affected
Version
4.1(3h)
Status
affected
Version
4.2(1k)
Status
affected
Version
4.2(1l)
Status
affected
Version
4.0(4n)
Status
affected
Version
4.2(1m)
Status
affected
Version
4.1(3i)
Status
affected
Version
4.2(2a)
Status
affected
Version
4.2(1n)
Status
affected
Version
4.1(3j)
Status
affected
Version
4.2(2c)
Status
affected
Version
4.2(2d)
Status
affected
Version
4.2(3b)
Status
affected
Version
4.1(3k)
Status
affected
Version
4.0(4o)
Status
affected
Version
4.2(2e)
Status
affected
Version
4.2(3d)
Status
affected
Version
4.2(3e)
Status
affected
Version
4.2(3g)
Status
affected
Version
4.1(3l)
Status
affected
Version
4.3(2b)
Status
affected
Version
4.2(3h)
Status
affected
Version
4.2(3i)
Status
affected
Version
4.3(2c)
Status
affected
Version
4.1(3m)
Status
affected
Version
4.3(2e)
Status
affected
Version
4.3(3a)
Status
affected
Version
4.2(3j)
Status
affected
Version
4.3(3c)
Status
affected
Version
4.3(4a)
Status
affected
Version
4.2(3k)
Status
affected
Version
4.3(4b)
Status
affected
Version
4.3(4c)
Status
affected
Version
4.2(3l)
Status
affected
Version
4.3(4d)
Status
affected
Version
4.3(2f)
Status
affected
Version
4.2(3m)
Status
affected
Version
4.3(5a)
Status
affected
Version
4.3(4e)
Status
affected
Version
4.1(3n)
Status
affected
Version
4.3(4f)
Status
affected
Version
4.2(3n)
Status
affected
Version
4.3(5c)
Status
affected
Version
4.2(3o)
Status
affected
Version
4.3(5d)
Status
affected
Version
4.3(6a)
Status
affected
Version
4.3(6b)
Status
affected
Version
4.3(5e)
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.