CVE-2015-6388
Published 2015-12-05
CVE-2015-6388: Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted…
Priority P4 28 medium 5 CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 2.05% (78.8th percentile)
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ucs_central | — | — |
| cisco | unified_computing_system_central_software | — | — |
CVSS provenance
nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_cisco: 5.0 MEDIUM
GHSA
GHSA-g7c5-43m5-jg8v: Cisco Unified Computing System (UCS) Central software 1
ghsa_unreviewed·2022-05-17
CVE-2015-6388 [MEDIUM] GHSA-g7c5-43m5-jg8v: Cisco Unified Computing System (UCS) Central software 1
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.
Cisco
Cisco UCS Central Software Server-Side Request Forgery Vulnerability
vendor_cisco·2015-12-01·CVSS 5.0
CVE-2015-6388 [MEDIUM] CWE-20 Cisco UCS Central Software Server-Side Request Forgery Vulnerability
A vulnerability in the Cisco Unified Computing System (UCS) Central software could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) on a targeted system.
The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If processed, the attacker could gain access and perform unauthorized actions on the targeted system.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapp
CWE: CWE-20
Bug IDs: CSCux33575
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1
http://www.securityfocus.com/bid/78870
http://www.securitytracker.com/id/1034380
Published: 2015-12-05