CVE-2015-6435
CRITICAL
Cisco FX-OS < 1.1.2 and UCS Manager < 2.2(4b), 2.2(5)-2.2(5a), 3.0-3.0(2e) - Remote Command Execution via CGI Script
Title source: llm
Description
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034743
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html
Scores
CVSS v3: 9.8
EPSS: 0.0868
EPSS Percentile: 94.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (50)
cisco/firepower_extensible_operating_system 1.1\(1.86\)
cisco/firepower_extensible_operating_system 1.1\(1.160\)
cisco/firepower_extensible_operating_system 1.1.1
cisco/unified_computing_system 1.0\(2k\)
cisco/unified_computing_system 1.0_base
cisco/unified_computing_system 1.1\(1m\)
cisco/unified_computing_system 1.1_base
cisco/unified_computing_system 1.2\(1d\)
cisco/unified_computing_system 1.2_base
cisco/unified_computing_system 1.3\(1c\)
... and 40 more
Published: Jan 22, 2016
Tracked Since: Feb 18, 2026