CVE-2015-6435

CRITICAL

Cisco FX-OS < 1.1.2 and UCS Manager < 2.2(4b), 2.2(5)-2.2(5a), 3.0-3.0(2e) - Remote Command Execution via CGI Script

Description

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034743

Scores

CVSS v3 9.8
EPSS 0.0868
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (50)
cisco/firepower_extensible_operating_system 1.1\(1.86\)
cisco/firepower_extensible_operating_system 1.1\(1.160\)
cisco/firepower_extensible_operating_system 1.1.1
cisco/unified_computing_system 1.0\(2k\)
cisco/unified_computing_system 1.0_base
cisco/unified_computing_system 1.1\(1m\)
cisco/unified_computing_system 1.1_base
cisco/unified_computing_system 1.2\(1d\)
cisco/unified_computing_system 1.2_base
cisco/unified_computing_system 1.3\(1c\)
... and 40 more
Published Jan 22, 2016
Tracked Since Feb 18, 2026