CVE-2015-6259
Severity Score
9.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
Vulnerabilidad en el componente JavaServer Pages (JSP) en Cisco Integrated Management Controller (IMC) Supervisor en versiones anteriores a 1.0.0.1 y UCS Director (anteriormente Cloupia Unified Infrastructure Controller) en versiones anteriores a 5.2.0.1, permite a atacantes remotos escribir en archivos arbitrarios a través de peticiones HTTP manipuladas, también conocida como Bug IDs CSCus36435 y CSCus62625.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-17 CVE Reserved
- 2015-09-04 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033451 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs | 2016-12-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Integrated Management Controller Supervisor Search vendor "Cisco" for product "Integrated Management Controller Supervisor" | <= 1.0.0.0 Search vendor "Cisco" for product "Integrated Management Controller Supervisor" and version " <= 1.0.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | <= 5.2.0.0 Search vendor "Cisco" for product "Unified Computing System Director" and version " <= 5.2.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 3.4_base Search vendor "Cisco" for product "Unified Computing System Director" and version "3.4_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 4.0_base Search vendor "Cisco" for product "Unified Computing System Director" and version "4.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 4.1_base Search vendor "Cisco" for product "Unified Computing System Director" and version "4.1_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 5.0.0.0 Search vendor "Cisco" for product "Unified Computing System Director" and version "5.0.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 5.0.0.1 Search vendor "Cisco" for product "Unified Computing System Director" and version "5.0.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 5.0.0.2 Search vendor "Cisco" for product "Unified Computing System Director" and version "5.0.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 5.0.0.3 Search vendor "Cisco" for product "Unified Computing System Director" and version "5.0.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 5.1.0.0 Search vendor "Cisco" for product "Unified Computing System Director" and version "5.1.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Computing System Director Search vendor "Cisco" for product "Unified Computing System Director" | 5.1.0.1 Search vendor "Cisco" for product "Unified Computing System Director" and version "5.1.0.1" | - |
Affected
| ||||||