CVE-2016-1352

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 39.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System Central Software

Timeline

PublishedApr 14

Latest updateMay 17

Description

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/unified_computing_system_central_software1.3\(0.1\)

🔴Vulnerability Details

GHSA

GHSA-r6vc-5wc9-vgfw: Cisco Unified Computing System (UCS) Central Software 1↗2022-05-17

▶

CVEList

CVE-2016-1352: Cisco Unified Computing System (UCS) Central Software 1↗2016-04-14

▶

📋Vendor Advisories

Cisco

Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability↗2016-04-13

▶