cbcvebase.
CVE-2016-1352
published 2016-04-14

CVE-2016-1352: Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request…

PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.24%
80.6th percentile
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscounified_computing_system_central
ciscounified_computing_system_central_software

Detection & IOCsextracted from sources · hover to see the quote

  • Detect exploitation attempts by monitoring for crafted/malicious HTTP requests targeting Cisco UCS Central Software web framework endpoints, which may contain OS command injection payloads in request parameters
  • Flag unauthenticated remote HTTP requests that result in OS command execution on Cisco UCS Central Software versions 1.3(1b) and earlier; the vulnerability is in the web framework and stems from improper input validation (CWE-78 OS Command Injection)
  • ·Affected versions are Cisco UCS Central Software 1.3(1b) and earlier; upgrade to a patched release as there are no workarounds available
  • ·No workarounds exist for this vulnerability; only the vendor-released software update addresses it

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.