CVE-2025-20294
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ucs_manager | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple issues in the command-line interface (CLI) and web-based management interface of Cisco UCS Manager Software. An authenticated remote attacker with administrative privileges can exploit insufficient input validation in command arguments to perform command injection attacks. This means the attacker can submit specially crafted inputs to execute arbitrary commands on the underlying operating system with root-level privileges.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with administrative access to escalate their privileges to root level and execute arbitrary commands on the affected system. This can lead to full control over the device, potentially compromising the confidentiality, integrity, and availability of the system and its data.