Sign-up

ID

VAR-201507-0508


CVE

CVE-2015-4279


TITLE

Cisco UCS B series Blade Server Runs on the device Cisco Unified Computing System of Manager Vulnerability gained privileges in components

Trust: 0.8

sources: JVNDB: JVNDB-2015-003883

DESCRIPTION

The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. Cisco Unified Computing System Manager is prone to a local arbitrary command-injection vulnerability because it fails to properly sanitize user-supplied input. A local attacker may leverage this issue to to inject and execute arbitrary commands, which could result in complete system compromise. This issue being tracked by Cisco Bug ID CSCut32778. Manager is one of the management components

Trust: 1.98

sources: NVD: CVE-2015-4279 // JVNDB: JVNDB-2015-003883 // BID: 75953 // VULHUB: VHN-82240

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion:2.2\(3b\)

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:eqversion:2.2(3b)

Trust: 0.8

sources: JVNDB: JVNDB-2015-003883 // CNNVD: CNNVD-201507-661 // NVD: CVE-2015-4279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4279
value: HIGH

Trust: 1.0

NVD: CVE-2015-4279
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201507-661
value: HIGH

Trust: 0.6

VULHUB: VHN-82240
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4279
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82240
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82240 // JVNDB: JVNDB-2015-003883 // CNNVD: CNNVD-201507-661 // NVD: CVE-2015-4279

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-82240 // JVNDB: JVNDB-2015-003883 // NVD: CVE-2015-4279

THREAT TYPE

local

Trust: 0.9

sources: BID: 75953 // CNNVD: CNNVD-201507-661

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201507-661

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003883

PATCH
title:39990url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39990
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003883

EXTERNAL IDS
db:NVDid:CVE-2015-4279
Trust: 2.8
db:BIDid:75953
Trust: 1.4
db:SECTRACKid:1032999
Trust: 1.1
db:JVNDBid:JVNDB-2015-003883
Trust: 0.8
db:CNNVDid:CNNVD-201507-661
Trust: 0.7
db:VULHUBid:VHN-82240
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82240 // 
            
            
            
            BID: 75953 // 
            
            
            
            JVNDB: JVNDB-2015-003883 // 
            
            
            
            CNNVD: CNNVD-201507-661 // 
            
            
            
            NVD: CVE-2015-4279

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39990
Trust: 2.0
url:http://www.securityfocus.com/bid/75953
Trust: 1.1
url:http://www.securitytracker.com/id/1032999
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4279
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4279
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-manager/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82240 // 
            
            
            
            BID: 75953 // 
            
            
            
            JVNDB: JVNDB-2015-003883 // 
            
            
            
            CNNVD: CNNVD-201507-661 // 
            
            
            
            NVD: CVE-2015-4279

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75953

SOURCES
db:VULHUBid:VHN-82240
db:BIDid:75953
db:JVNDBid:JVNDB-2015-003883
db:CNNVDid:CNNVD-201507-661
db:NVDid:CVE-2015-4279

LAST UPDATE DATE
2024-11-23T22:01:44.227000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82240date:2017-09-22T00:00:00
db:BIDid:75953date:2015-07-20T00:00:00
db:JVNDBid:JVNDB-2015-003883date:2015-07-23T00:00:00
db:CNNVDid:CNNVD-201507-661date:2015-07-23T00:00:00
db:NVDid:CVE-2015-4279date:2024-11-21T02:30:45.433

SOURCES RELEASE DATE
db:VULHUBid:VHN-82240date:2015-07-20T00:00:00
db:BIDid:75953date:2015-07-20T00:00:00
db:JVNDBid:JVNDB-2015-003883date:2015-07-23T00:00:00
db:CNNVDid:CNNVD-201507-661date:2015-07-21T00:00:00
db:NVDid:CVE-2015-4279date:2015-07-20T23:59:04.690