Details of VAR-201506-0244

ID

VAR-201506-0244

CVE

CVE-2015-4183

TITLE

Cisco Unified Computing System Central In software OS Vulnerability that can get command execution privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-003186

DESCRIPTION

Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. An attacker can exploit this issue to execute system commands on the underlying operating system. This issue being tracked by Cisco Bug ID CSCut32795

Trust: 1.98

sources: NVD: CVE-2015-4183 // JVNDB: JVNDB-2015-003186 // BID: 75205 // VULHUB: VHN-82144

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	unified computing system central software	scope:	eq	version:	1.2(1a)	Trust: 0.8
vendor:	cisco	model:	unified computing system central software 1.2	scope:	-	version:	-	Trust: 0.3

sources: BID: 75205 // JVNDB: JVNDB-2015-003186 // CNNVD: CNNVD-201506-314 // NVD: CVE-2015-4183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4183
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-4183
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201506-314
value:	HIGH
Trust: 0.6
VULHUB:	VHN-82144
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-4183
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82144
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82144 // JVNDB: JVNDB-2015-003186 // CNNVD: CNNVD-201506-314 // NVD: CVE-2015-4183

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-82144 // JVNDB: JVNDB-2015-003186 // NVD: CVE-2015-4183

THREAT TYPE

local

Trust: 0.9

sources: BID: 75205 // CNNVD: CNNVD-201506-314

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201506-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003186

PATCH

title:

39324

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39324

Trust: 0.8

sources: JVNDB: JVNDB-2015-003186

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4183	Trust: 2.8
db:	BID	id:	75205	Trust: 1.4
db:	SECTRACK	id:	1032584	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003186	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-314	Trust: 0.7
db:	VULHUB	id:	VHN-82144	Trust: 0.1

sources: VULHUB: VHN-82144 // BID: 75205 // JVNDB: JVNDB-2015-003186 // CNNVD: CNNVD-201506-314 // NVD: CVE-2015-4183

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39324	Trust: 2.0
url:	http://www.securityfocus.com/bid/75205	Trust: 1.1
url:	http://www.securitytracker.com/id/1032584	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4183	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4183	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-82144 // BID: 75205 // JVNDB: JVNDB-2015-003186 // CNNVD: CNNVD-201506-314 // NVD: CVE-2015-4183

CREDITS

Cisco

Trust: 0.3

sources: BID: 75205

SOURCES

db:	VULHUB	id:	VHN-82144
db:	BID	id:	75205
db:	JVNDB	id:	JVNDB-2015-003186
db:	CNNVD	id:	CNNVD-201506-314
db:	NVD	id:	CVE-2015-4183

LAST UPDATE DATE

2024-11-23T23:05:39.039000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82144	date:	2016-12-07T00:00:00
db:	BID	id:	75205	date:	2015-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003186	date:	2015-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201506-314	date:	2015-06-18T00:00:00
db:	NVD	id:	CVE-2015-4183	date:	2024-11-21T02:30:35.457

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82144	date:	2015-06-17T00:00:00
db:	BID	id:	75205	date:	2015-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003186	date:	2015-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201506-314	date:	2015-06-18T00:00:00
db:	NVD	id:	CVE-2015-4183	date:	2015-06-17T10:59:03.930