CVE-2015-4279 — OS Command Injection in Cisco Unified Computing System

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 46.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System

Timeline

PublishedJul 20

Latest updateMay 17

Description

The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/unified_computing_system2.2\(3b\)

🔴Vulnerability Details

GHSA

GHSA-j7j3-rx35-4w7h: The Manager component in Cisco Unified Computing System (UCS) 2↗2022-05-17

▶

OSV

php7.0 regression↗2020-02-19

▶

CVEList

CVE-2015-4279: The Manager component in Cisco Unified Computing System (UCS) 2↗2015-07-20

▶