Description

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. The permitted operations can be configured for the end user on the virtual machines with either of the following settings: The virtual machine is associated to a Virtual Data Center (VDC) that has an end user self-service policy attached to the VDC. The end user role has VM Management Actions settings configured under User Permissions. This is a global configuration, so all the virtual machines visible in the end-user portal will have the VM management actions available. The vulnerability is due to improper user authentication checks. An attacker could exploit this vulnerability by logging in to the UCS Director with a modified username and valid password. A successful exploit could allow the attacker to gain visibility into and perform actions against all virtual machines in the UCS Director end-user portal of the affected system. This vulnerability affects Cisco Unified Computing System (UCS) Director releases 6.0 and 6.5 prior to patch 3 that are in a default configuration. Cisco Bug IDs: CSCvh53501.

Metrics

 

CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score:  9.9 CRITICAL

Vector:  CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Base Score:  9.0 HIGH

Vector:  (AV:N/AC:L/Au:S/C:C/I:C/A:C)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
http://www.securityfocus.com/bid/103919	Third Party Advisory  VDB Entry
http://www.securityfocus.com/bid/103919	Third Party Advisory  VDB Entry
http://www.securitytracker.com/id/1040708	Third Party Advisory  VDB Entry
http://www.securitytracker.com/id/1040708	Third Party Advisory  VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd	Vendor Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-287	Improper Authentication	NIST   Cisco Systems, Inc.

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

CVE Modified by CVE 11/20/2024 10:37:47 PM

Action	Type	Old Value	New Value
Added	Reference		http://www.securityfocus.com/bid/103919
Added	Reference		http://www.securitytracker.com/id/1040708
Added	Reference		https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd

CVE Modified by Cisco Systems, Inc. 5/14/2024 12:50:37 AM

Action	Type	Old Value	New Value

CVE Modified by Cisco Systems, Inc. 10/09/2019 7:31:32 PM

Action	Type	Old Value	New Value
Added	CWE		Cisco Systems, Inc. CWE-287

Initial Analysis by NIST 5/24/2018 8:07:20 AM

Action	Type	Old Value	New Value
Added	CVSS V3		AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Added	CVSS V2		(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Added	CWE		CWE-287
Added	CPE Configuration		OR *cpe:2.3:a:cisco:unified_computing_system_director:6.5\(0.0\):*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_computing_system_director:6.5\(0.1\):*:*:*:*:*:*:*
Changed	Reference Type	http://www.securityfocus.com/bid/103919 No Types Assigned	http://www.securityfocus.com/bid/103919 Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.securitytracker.com/id/1040708 No Types Assigned	http://www.securitytracker.com/id/1040708 Third Party Advisory, VDB Entry
Changed	Reference Type	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd No Types Assigned	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd Vendor Advisory

CVE Modified by Cisco Systems, Inc. 4/20/2018 9:29:00 PM

Action	Type	Old Value	New Value
Added	Reference		http://www.securityfocus.com/bid/103919 [No Types Assigned]
Added	Reference		http://www.securitytracker.com/id/1040708 [No Types Assigned]