CVE-2015-6435 — OS Command Injection in Cisco Firepower Extensible Operating System

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

16.0%

top 5.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Unified Computing System

Timeline

PublishedJan 22

Latest updateMay 13

Description

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/unified_computing_system83 versions+82

▶NVDcisco/firepower_extensible_operating_system1.1.1, 1.1\(1.160\), 1.1\(1.86\)+2

🔴Vulnerability Details

GHSA

GHSA-gpx2-q6w9-gh7p: An unspecified CGI script in Cisco FX-OS before 1↗2022-05-13

▶

CVEList

CVE-2015-6435: An unspecified CGI script in Cisco FX-OS before 1↗2016-01-22

▶

📋Vendor Advisories

Cisco

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability↗2016-01-21

▶