CVE-2016-6374
published 2016-09-22
CVE-2016-6374: Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID…
Priority P261 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.69% (88.3th percentile)
Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cloud_services_platform_2100 | — | — |
| cisco | cloud_services_platform_2100 | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to the Cisco CSP 2100 web interface containing a crafted 'dnslookup' command parameter, which is the attack vector for this RCE vulnerability.
- The exploit is unauthenticated: any HTTP request carrying a malicious dnslookup value from an unauthenticated source should be treated as suspicious.
- The root cause is insufficient input sanitization of HTTP request values; look for shell metacharacters or command injection payloads embedded within the dnslookup parameter of HTTP requests to the CSP 2100 web interface.
- Affected version is Cisco CSP 2100 version 2.0 only; scope detection rules accordingly.
- No workarounds are available; patching via Cisco software updates is the only remediation. Unpatched systems remain fully exposed to unauthenticated RCE.
CVSS provenance
- nvd, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd, v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
- vendor_cisco: 7.5 HIGH
Cisco
Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
vendor_cisco · 2016-09-21 · CVSS 7.5
CVE-2016-6374 [HIGH] CWE-20 Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/sec
Cisco
Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
vendor_cisco
CVE-2016-6374 Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
CVE-2016-6374: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Cisco has released software updates that address this vulnerability.
CWE: CWE-20, CWE-20
Bug IDs: CSCuz89093
GHSA
GHSA-cp32-r62f-3wgq: Cisco Cloud Services Platform (CSP) 2100 2
ghsa_unreviewed · 2022-05-13
CVE-2016-6374 [CRITICAL] CWE-20 GHSA-cp32-r62f-3wgq: Cisco Cloud Services Platform (CSP) 2100 2
Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
- http://www.securityfocus.com/bid/93095
- http://www.securitytracker.com/id/1036864
Published: 2016-09-22