Skip to main content

Unified Computing System Central Software CVE-2015-4286

MEDIUM
Improper Input Validation (CWE-20)
2015-07-29 psirt@cisco.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 29, 2015 - 14:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.

AnalysisAI

The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Affected products include: Cisco Unified Computing System Central Software.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-0701 CRITICAL
10.0 May 07

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP reque

CVE-2016-1352 CRITICAL
9.8 Apr 14

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary O

CVE-2018-0113 HIGH
8.8 Feb 08

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute ar

CVE-2018-0094 HIGH
7.5 Jan 18

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote

CVE-2014-0730 MEDIUM
6.8 Feb 22

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI co

CVE-2016-1401 MEDIUM
6.1 May 21

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Sof

CVE-2017-12349 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2017-12348 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2015-6388 MEDIUM
5.0 Dec 05

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request fo

CVE-2015-6387 MEDIUM
4.3 Dec 05

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote

CVE-2021-1354 LOW
3.5 Feb 04

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could a

Share

CVE-2015-4286 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy