CVE-2015-6435
- EPSS 16.01%
- Published 22.01.2016 11:59:01
- Last modified 12.04.2025 10:46:40
- Source psirt@cisco.com
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
Data is provided by the National Vulnerability Database (NVD)
- Cisco ≫ Firepower Extensible Operating System, Version 1.1.1
- Cisco ≫ Unified Computing System, Version 1.0_base
- Cisco ≫ Unified Computing System, Version 1.1_base
- Cisco ≫ Unified Computing System, Version 1.2_base
- Cisco ≫ Unified Computing System, Version 1.3_base
- Cisco ≫ Unified Computing System, Version 1.4_base
- Cisco ≫ Unified Computing System, Version 2.0_base
- Cisco ≫ Unified Computing System, Version 2.1_base
- Cisco ≫ Unified Computing System, Version 2.2_base
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 16.01% | 0.945 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.