Details of VAR-201601-0494

ID

VAR-201601-0494

CVE

CVE-2015-6435

TITLE

Cisco Firepower 9000 Run on device FX-OS and Unified Computing System Manager Unspecified CGI Any in the script shell Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006853

DESCRIPTION

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Vendors have confirmed this vulnerability Bug ID CSCur90888 It is released as.Skillfully crafted by a third party HTTP Any via request shell The command may be executed. Cisco Unified Computing System Manager and Cisco FX-OSon Firepower 9000 are products of Cisco. The former is a set of embedded device management software that manages the Cisco Unified Computing System from a single, highly available logical entity, end-to-end, an operating system running on the 9000 Series firewall devices. There are security vulnerabilities in CGI scripts in CiscoUCSManager and FX-OSforFirepower 9000Series. Multiple Cisco products are prone to a remote command-execution vulnerability. This may aid in further attacks. This issue being tracked by Cisco Bug IDs CSCur90888 and CSCux10615. The following products and versions are affected: Cisco UCS Manager prior to 2.2(4b), 2.2(5) prior to 2.2(5a), 3.0 prior to 3.0(2e), FX-OS for Firepower 9000 Series prior to 1.1.2

Trust: 2.52

sources: NVD: CVE-2015-6435 // JVNDB: JVNDB-2015-006853 // CNVD: CNVD-2016-00776 // BID: 81302 // VULHUB: VHN-84396

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00776

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(5a\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3y\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(4i\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3u\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(4f\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(3b\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(4g\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1\(1b\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1\(1d\)	Trust: 1.6
vendor:	cisco	model:	unified computing system manager 2.2	scope:	lt	version:	-	Trust: 1.2
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1t\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(3c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(4b\)	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1\(1.160\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(4j\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(1i\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(1t\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(1w\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.0_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(1x\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1\(1f\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(4d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1q\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1g\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1p\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(5c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1o\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1n\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3s\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3l\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(1s\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(1e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.2\(1d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.1_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(4c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.2_base	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1\(1.86\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1y\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(2q\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2c\)a	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(2m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(1m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1\(1e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(4k\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(1m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(2r\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3f\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.1\(1m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3\(1w\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(1c\)	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(4b\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(1d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(1q\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(4a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.1_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1f\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.0\(2k\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(1j\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3q\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3g\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.4\(3i\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(2d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.3_base	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1h\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system software	scope:	lt	version:	3.0	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	eq	version:	3.0(2e)	Trust: 0.8
vendor:	cisco	model:	unified computing system manager 2.2 )	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified computing system manager 3.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	fx-os for firepower series	scope:	eq	version:	9000<1.1.2	Trust: 0.6
vendor:	cisco	model:	ucs manager 2.2	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	ucs manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	90001.1(1.160)	Trust: 0.3
vendor:	cisco	model:	ucs manager 3.0	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	ne	version:	90001.1.2	Trust: 0.3

sources: CNVD: CNVD-2016-00776 // BID: 81302 // JVNDB: JVNDB-2015-006853 // CNNVD: CNNVD-201601-601 // NVD: CVE-2015-6435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6435
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-6435
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-00776
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-601
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-84396
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6435
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-00776
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84396
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6435
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-00776 // VULHUB: VHN-84396 // JVNDB: JVNDB-2015-006853 // CNNVD: CNNVD-201601-601 // NVD: CVE-2015-6435

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-84396 // JVNDB: JVNDB-2015-006853 // NVD: CVE-2015-6435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-601

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201601-601

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006853

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-84396

PATCH

title:	cisco-sa-20160120-ucsm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm	Trust: 0.8
title:	Patch for Cisco Unified Computing SystemManager and FX-OS for Firepower 9000 Series Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/71072	Trust: 0.6
title:	Cisco Unified Computing System Manager and FX-OS for Firepower 9000 Series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59919	Trust: 0.6

sources: CNVD: CNVD-2016-00776 // JVNDB: JVNDB-2015-006853 // CNNVD: CNNVD-201601-601

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6435	Trust: 3.4
db:	SECTRACK	id:	1034743	Trust: 1.7
db:	PACKETSTORM	id:	160991	Trust: 1.7
db:	BID	id:	81302	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-006853	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-601	Trust: 0.7
db:	CNVD	id:	CNVD-2016-00776	Trust: 0.6
db:	CXSECURITY	id:	WLB-2021010137	Trust: 0.6
db:	VULHUB	id:	VHN-84396	Trust: 0.1

sources: CNVD: CNVD-2016-00776 // VULHUB: VHN-84396 // BID: 81302 // JVNDB: JVNDB-2015-006853 // CNNVD: CNNVD-201601-601 // NVD: CVE-2015-6435

REFERENCES

url:	http://packetstormsecurity.com/files/160991/cisco-ucs-manager-2.2-1d-remote-command-execution.html	Trust: 2.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160120-ucsm	Trust: 2.0
url:	http://www.securitytracker.com/id/1034743	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6435	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6435	Trust: 0.8
url:	http://www.securityfocus.com/bid/81302	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2021010137	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-00776 // VULHUB: VHN-84396 // BID: 81302 // JVNDB: JVNDB-2015-006853 // CNNVD: CNNVD-201601-601 // NVD: CVE-2015-6435

CREDITS

liquidsky

Trust: 0.6

sources: CNNVD: CNNVD-201601-601

SOURCES

db:	CNVD	id:	CNVD-2016-00776
db:	VULHUB	id:	VHN-84396
db:	BID	id:	81302
db:	JVNDB	id:	JVNDB-2015-006853
db:	CNNVD	id:	CNNVD-201601-601
db:	NVD	id:	CVE-2015-6435

LAST UPDATE DATE

2024-11-23T22:27:03.348000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-00776	date:	2016-02-03T00:00:00
db:	VULHUB	id:	VHN-84396	date:	2016-12-07T00:00:00
db:	BID	id:	81302	date:	2016-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-006853	date:	2016-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201601-601	date:	2021-01-19T00:00:00
db:	NVD	id:	CVE-2015-6435	date:	2024-11-21T02:34:59.503

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-00776	date:	2016-02-03T00:00:00
db:	VULHUB	id:	VHN-84396	date:	2016-01-22T00:00:00
db:	BID	id:	81302	date:	2016-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-006853	date:	2016-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201601-601	date:	2016-01-25T00:00:00
db:	NVD	id:	CVE-2015-6435	date:	2016-01-22T11:59:01.473