Skip to main content

Unified Computing System Central Software CVE-2015-6388

MEDIUM
2015-12-05 psirt@cisco.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 05, 2015 - 03:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.

AnalysisAI

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. Affected products include: Cisco Unified Computing System Central Software.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-0701 CRITICAL
10.0 May 07

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP reque

CVE-2016-1352 CRITICAL
9.8 Apr 14

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary O

CVE-2018-0113 HIGH
8.8 Feb 08

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute ar

CVE-2018-0094 HIGH
7.5 Jan 18

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote

CVE-2014-0730 MEDIUM
6.8 Feb 22

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI co

CVE-2016-1401 MEDIUM
6.1 May 21

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Sof

CVE-2017-12349 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2017-12348 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2015-4286 MEDIUM
5.0 Jul 29

The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted

CVE-2015-6387 MEDIUM
4.3 Dec 05

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote

CVE-2021-1354 LOW
3.5 Feb 04

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could a

Share

CVE-2015-6388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy