Home

CVE-2015-6435

Description

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
16.005

Associated Vulnerability

VulnerabilityOS Platform
Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability For Cisco Unified Computing SystemNCM
Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability For Cisco Firepower 9300 SeriesNCM
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2015-6435)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706036Security Update for Cisco Unified Computing System 3.2(1d)
PATCH-1705710Security Update for Cisco Firepower 9300 Series 1.1(3.76)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234