Lucene search

CiscoCVE-2015-0701

HistoryMay 07, 2015 - 1:59 a.m.

CVE-2015-0701

2015-05-0701:59:02

CWE-20

cisco

web.nvd.nist.gov

cisco

ucs central

software

remote code execution

cve-2015-0701

bug id cscut46961

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

70.4%

JSON

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Affected configurations

Nvd

Node

ciscounified_computing_system_central_softwareMatch1.0_base

ciscounified_computing_system_central_softwareMatch1.1_base

ciscounified_computing_system_central_softwareMatch1.2\(1a\)

ciscounified_computing_system_central_softwareMatch1.2\(1d\)

ciscounified_computing_system_central_softwareMatch1.2\(1e\)

ciscounified_computing_system_central_softwareMatch1.2\(1f\)

VendorProductVersionCPE
ciscounified_computing_system_central_software1.0_basecpe:2.3:a:cisco:unified_computing_system_central_software:1.0_base:*:*:*:*:*:*:*
ciscounified_computing_system_central_software1.1_basecpe:2.3:a:cisco:unified_computing_system_central_software:1.1_base:*:*:*:*:*:*:*
ciscounified_computing_system_central_software1.2(1a)cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1a\):*:*:*:*:*:*:*
ciscounified_computing_system_central_software1.2(1d)cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1d\):*:*:*:*:*:*:*
ciscounified_computing_system_central_software1.2(1e)cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1e\):*:*:*:*:*:*:*
ciscounified_computing_system_central_software1.2(1f)cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1f\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_computing_system_central_software	1.0_base	cpe:2.3:a:cisco:unified_computing_system_central_software:1.0_base:::::::*
cisco	unified_computing_system_central_software	1.1_base	cpe:2.3:a:cisco:unified_computing_system_central_software:1.1_base:::::::*
cisco	unified_computing_system_central_software	1.2(1a)	cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1a\):::::::*
cisco	unified_computing_system_central_software	1.2(1d)	cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1d\):::::::*
cisco	unified_computing_system_central_software	1.2(1e)	cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1e\):::::::*
cisco	unified_computing_system_central_software	1.2(1f)	cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\(1f\):::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc

www.securityfocus.com/bid/74491

www.securitytracker.com/id/1032267

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

70.4%

JSON

Related for CVE-2015-0701