CVE-2015-6435

Published: 22/01/2016 | Updated: 30/01/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An unspecified CGI script in Cisco FX-OS prior to 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager prior to 2.2(4b), 2.2(5) prior to 2.2(5a), and 3.0 prior to 3.0(2e) allows remote malicious users to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.

Vulnerable Product

cisco firepower extensible operating system 1.1.1

cisco firepower extensible operating system 1.1(1.160)

cisco firepower extensible operating system 1.1(1.86)

cisco unified computing system 3.0(1e)

cisco unified computing system 3.0(1d)

cisco unified computing system 2.2(3e)

cisco unified computing system 2.2(3d)

cisco unified computing system 2.2(1f)

cisco unified computing system 2.2(1e)

cisco unified computing system 2.1(1f)

cisco unified computing system 2.1(1e)

cisco unified computing system 1.3(1q)

cisco unified computing system 1.3(1p)

cisco unified computing system 1.4(4i)

cisco unified computing system 1.4(4g)

cisco unified computing system 1.4(4f)

cisco unified computing system 2.0(4d)

cisco unified computing system 2.0(4b)

cisco unified computing system 2.0(2m)

cisco unified computing system 2.0(1x)

cisco unified computing system 1.2_base

cisco unified computing system 1.1_base

cisco unified computing system 1.0_base

cisco unified computing system 1.4(3l)

cisco unified computing system 1.4(3m)

cisco unified computing system 3.0(2d)

cisco unified computing system 3.0(2c)

cisco unified computing system 2.2(3g)

cisco unified computing system 2.2(3f)

cisco unified computing system 2.2(1h)

cisco unified computing system 2.2(1g)

cisco unified computing system 2.0(5b)

cisco unified computing system 2.1(2a)

cisco unified computing system 1.3(1w)

cisco unified computing system 1.3(1t)

cisco unified computing system 1.4(4k)

cisco unified computing system 1.4(4j)

cisco unified computing system 2.1(1a)

cisco unified computing system 2.0(5a)

cisco unified computing system 2.0(2r)

cisco unified computing system 2.0(2q)

cisco unified computing system 2.1_base

cisco unified computing system 1.3_base

cisco unified computing system 1.4(1m)

cisco unified computing system 1.4(3i)

cisco unified computing system 3.0(1c)

cisco unified computing system 2.2(5a)

cisco unified computing system 2.2(3c)

cisco unified computing system 2.2(3b)

cisco unified computing system 2.2(1d)

cisco unified computing system 2.2(1c)

cisco unified computing system 2.2(1b)

cisco unified computing system 1.0(2k)

cisco unified computing system 1.1(1m)

cisco unified computing system 1.3(1o)

cisco unified computing system 1.3(1n)

cisco unified computing system 1.4(3y)

cisco unified computing system 1.4(3u)

cisco unified computing system 2.0(4a)

cisco unified computing system 2.0(3c)

cisco unified computing system 2.0(1w)

cisco unified computing system 2.0(1t)

cisco unified computing system 2.0(1q)

cisco unified computing system 2.0(1m)

cisco unified computing system 1.4(3q)

cisco unified computing system 1.4(3s)

cisco unified computing system 2.2(4c)

cisco unified computing system 2.2(4b)

cisco unified computing system 2.2(3a)

cisco unified computing system 2.2(2c)

cisco unified computing system 2.2(2c)a

cisco unified computing system 2.0(5c)

cisco unified computing system 1.2(1d)

cisco unified computing system 1.3(1y)

cisco unified computing system 1.3(1m)

cisco unified computing system 1.3(1c)

cisco unified computing system 2.1(1d)

cisco unified computing system 2.1(1b)

cisco unified computing system 2.0(3b)

cisco unified computing system 2.0(3a)

cisco unified computing system 2.0(1s)

cisco unified computing system 2.2_base

cisco unified computing system 1.4(1i)

cisco unified computing system 1.4(1j)

cisco unified computing system 2.0_base

cisco unified computing system 1.4_base

Vendor Advisories

A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is due to unprotected calling of shell commands in t ...

Exploits

Cisco UCS Manager version 2.2(1d) remote command execution exploit

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka ...