Cisco UCS Fabric Interconnects Command Injection (cisco-sa-nxfp-cmdinj-XXBZjtR)

medium Nessus Plugin ID 171894


The remote device is missing a vendor-supplied security patch


According to its self-reported version, Cisco Unified Computing System (UCS) Fabric Interconnect is affected by a command injection vulnerability. Due to insufficient input validation of commands supplied by the user, an authenticated attacker can execute unauthorized commands within the CLI. On Cisco UCS 6400 and UCS 6500 Series Fabric Interconnects, an attacker with Administrator privileges could execute commands on the underlying operating system with root-level privileges.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.


Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc52151 and CSCwd11206

See Also

Plugin Details

Severity: Medium

ID: 171894

File Name: cisco-sa-nxfp-cmdinj-XXBZjtR-ucs.nasl

Version: 1.3

Type: remote

Family: CISCO

Published: 2/24/2023

Updated: 3/8/2024

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2023-20015


Risk Factor: Medium

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:unified_computing_system

Required KB Items: installed_sw/cisco_ucs_manager

Exploit Ease: No known exploits are available

Patch Publication Date: 2/22/2023

Vulnerability Publication Date: 2/22/2023

Reference Information

CVE: CVE-2023-20015

CISCO-SA: cisco-sa-nxfp-cmdinj-XXBZjtR

IAVA: 2023-A-0114-S

CISCO-BUG-ID: CSCwc52151, CSCwd11206