CVE-2015-6259

CWE-20 — Improper Input Validation CWE-22 — Path Traversal4 documents4 sources

Severity

9.4CRITICAL

EPSS

1.7%

top 17.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Integrated Management Controller Supervisor Cisco Unified Computing System Director

Timeline

PublishedSep 4

Latest updateMay 17

Description

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

CVSS vector

AV:N/AC:L/C:N/I:C/A:CExploitability: 10.0 | Impact: 9.2

Affected Packages2 packages

▶NVDcisco/integrated_management_controller_supervisor1.0.0.0

▶NVDcisco/unified_computing_system_director5.2.0.0+9

🔴Vulnerability Details

GHSA

GHSA-gjjm-x2xg-8xgc: The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1↗2022-05-17

▶

CVEList

CVE-2015-6259: The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1↗2015-09-04

▶

📋Vendor Advisories

Cisco

Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability↗2015-09-02

▶