Details of VAR-201509-0294

ID

VAR-201509-0294

CVE

CVE-2015-6259

TITLE

Cisco Integrated Management Controller Supervisor and Unified Computing System Director of JSP Vulnerability written to arbitrary file in component

Trust: 0.8

sources: JVNDB: JVNDB-2015-004592

DESCRIPTION

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vendors have confirmed this vulnerability Bug ID CSCus36435 and CSCus62625 It is released as.Skillfully crafted by a third party HTTP May be written to any file via request. Successful exploits may allow an attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition. This issue is being tracked by Cisco Bug IDs CSCus36435 and CSCus62625. The former is a set of tools for managing UCS (Unified Computing System). The latter is a set of unified infrastructure management tools. JavaServer Pages (JSP) is one of the standard components for dynamic web development

Trust: 1.98

sources: NVD: CVE-2015-6259 // JVNDB: JVNDB-2015-004592 // BID: 76565 // VULHUB: VHN-84220

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system director	scope:	eq	version:	4.1_base	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.0.0.2	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	4.0_base	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.0.0.0	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.1.0.0	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.0.0.1	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	3.4_base	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.0.0.3	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.1.0.1	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	lte	version:	5.2.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lte	version:	1.0.0.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	1.0.0.1	Trust: 0.8
vendor:	cisco	model:	unified computing system director	scope:	lt	version:	5.2.0.1	Trust: 0.8
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.2.0.0	Trust: 0.6
vendor:	cisco	model:	ucs director	scope:	eq	version:	5.2.0.0	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.1.0.2	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.1.0.1	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.1.0.0	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.0.0.3	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.0.0.2	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.0.0.1	Trust: 0.3
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	1.0.0.0	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	ne	version:	5.2.0.1	Trust: 0.3
vendor:	cisco	model:	integrated management controller supervisor	scope:	ne	version:	1.0.0.1	Trust: 0.3

sources: BID: 76565 // JVNDB: JVNDB-2015-004592 // CNNVD: CNNVD-201509-045 // NVD: CVE-2015-6259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6259
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6259
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201509-045
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-84220
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6259
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84220
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84220 // JVNDB: JVNDB-2015-004592 // CNNVD: CNNVD-201509-045 // NVD: CVE-2015-6259

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-84220 // JVNDB: JVNDB-2015-004592 // NVD: CVE-2015-6259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-045

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201509-045

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004592

PATCH

title:	cisco-sa-20150902-cimcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs	Trust: 0.8
title:	40683	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40683	Trust: 0.8
title:	cisco-sa-20150902-cimcs	url:	http://www.cisco.com/cisco/web/support/JP/113/1135/1135284_cisco-sa-20150902-cimcs-j.html	Trust: 0.8
title:	Cisco Integrated Management Controller Supervisor and UCS Director JavaServer Pages Fixes for component input validation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61031	Trust: 0.6

sources: JVNDB: JVNDB-2015-004592 // CNNVD: CNNVD-201509-045

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6259	Trust: 2.8
db:	SECTRACK	id:	1033451	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004592	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-045	Trust: 0.7
db:	BID	id:	76565	Trust: 0.4
db:	VULHUB	id:	VHN-84220	Trust: 0.1

sources: VULHUB: VHN-84220 // BID: 76565 // JVNDB: JVNDB-2015-004592 // CNNVD: CNNVD-201509-045 // NVD: CVE-2015-6259

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150902-cimcs	Trust: 2.0
url:	http://www.securitytracker.com/id/1033451	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6259	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6259	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84220 // BID: 76565 // JVNDB: JVNDB-2015-004592 // CNNVD: CNNVD-201509-045 // NVD: CVE-2015-6259

CREDITS

Cisco

Trust: 0.3

sources: BID: 76565

SOURCES

db:	VULHUB	id:	VHN-84220
db:	BID	id:	76565
db:	JVNDB	id:	JVNDB-2015-004592
db:	CNNVD	id:	CNNVD-201509-045
db:	NVD	id:	CVE-2015-6259

LAST UPDATE DATE

2024-11-23T22:34:56.800000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84220	date:	2016-12-29T00:00:00
db:	BID	id:	76565	date:	2015-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-004592	date:	2015-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201509-045	date:	2015-09-07T00:00:00
db:	NVD	id:	CVE-2015-6259	date:	2024-11-21T02:34:39.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84220	date:	2015-09-04T00:00:00
db:	BID	id:	76565	date:	2015-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-004592	date:	2015-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201509-045	date:	2015-09-07T00:00:00
db:	NVD	id:	CVE-2015-6259	date:	2015-09-04T01:59:02.910