CVE-2015-4286
Published 2015-07-29
CVE-2015-4286: The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
Priority: P431 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.73% (74.7th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_computing_system_central_software | — | — |
CVSS provenance
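| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_cisco | — | 5.0 | MEDIUM | — |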
Cisco
Cisco UCS Central Software File Access Vulnerability
vendor_cisco·2015-07-28·CVSS 5.0
CVE-2015-4286 [MEDIUM] CWE-20 Cisco UCS Central Software File Access Vulnerability
A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device.
The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted device. An exploit could allow the attacker to retrieve sensitive information.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, the attacker would need to send crafted HTTP requests to the targeted device, making exploitation more difficult in environments that restrict network access from untrusted sources.
Cisco would like to thank Mr. Gregory Draperi for reporting
GHSA
GHSA-p468-m6gq-36cp: The web framework in Cisco UCS Central Software 1
ghsa_unreviewed·2022-05-17
CVE-2015-4286 [MEDIUM] CWE-20 GHSA-p468-m6gq-36cp: The web framework in Cisco UCS Central Software 1
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.