A scholar, Pedro Ribeiro, has created Metasploit elements for Cisco Unified Computing System (UCS) susceptibilities that can be used to take complete seizure of affected systems.
Last week, Cisco informed customers that it issued patches for 17 serious and high-severity errors impacting some of the networking giant’s UCS products.
Cisco itself found a majority of the security flaws, but it’s Pedro Ribeiro who has reported some of them to the company, who said he has issued the details of three susceptibilities that can be misused by nasty actors to acquire complete control over affected systems.
One of the faults, traced as CVE-2019-1935 and recognized as critical, can let a remote attacker log on to the command-line interface (CLI) of a susceptible system using the SCP user account (scpuser), which has default authorizations.
Another susceptibility recognized by Ribeiro is CVE-2019-1936, a high-severity problem that lets a genuine attacker perform random commands on the underlying Linux shell with root permissions.
While this susceptibility needs verification, that can be attained using another serious weakness exposed by the researcher. CVE-2019-1937 lets a remote and unverified attacker sidestep verification by obtaining a lawful session token with admin rights. An attacker can attain this token by sending a series of malevolent requests to the targeted device.
The researcher has come up with two Metasploit modules that are on the verge of being integrated. One targets the default SSH password, while the other integrates the verification bypass and command injection susceptibilities.