Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified
Computing System could allow an authenticated, local attacker to view
arbitrary files on the underlying filesystem.

The vulnerability
is due to improper filtering of user-supplied parameters. An attacker
could exploit this vulnerability by providing invalid parameters to
certain command-line interface (CLI) commands. An exploit could allow the attacker to view files
on the underlying filesystem with elevated privileges.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must have local access to a targeted device, which may reside on trusted, internal networks behind firewall restrictions. These access requirements decrease the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.