CVE-2015-6259
Cisco IMC Supervisor < 1.0.0.1 and UCS Director < 5.2.0.1 - Arbitrary File Write via JSP Component
Title source: llmDescription
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033451
Scores
EPSS
0.0282
EPSS Percentile
84.9%
Details
CWE
CWE-20
Status
published
Products (11)
cisco/integrated_management_controller_supervisor
< 1.0.0.0
cisco/unified_computing_system_director
3.4_base
cisco/unified_computing_system_director
4.0_base
cisco/unified_computing_system_director
4.1_base
cisco/unified_computing_system_director
5.0.0.0
cisco/unified_computing_system_director
5.0.0.1
cisco/unified_computing_system_director
5.0.0.2
cisco/unified_computing_system_director
5.0.0.3
cisco/unified_computing_system_director
5.1.0.0
cisco/unified_computing_system_director
5.1.0.1
... and 1 more
Published
Sep 04, 2015
Tracked Since
Feb 18, 2026