Vulnerability-Lookup

CVE-2015-0701 (GCVE-0-2015-0701)

Vulnerability from cvelistv5 – Published: 2015-05-07 01:00 – Updated: 2024-08-06 04:17

Summary

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

CNVD-2015-02920

Vulnerability from cnvd - Published: 2015-05-08

Title

Cisco UCS Central Software任意命令执行漏洞

Description

Cisco UCS Central Software是美国思科（Cisco）公司的一个集计算、虚拟化和网络于一体的软件平台。 Cisco UCS Central Software存在任意命令执行漏洞。允许未经身份验证的远程攻击者利用漏洞在受影响设备上执行任意命令。

Severity

高

Patch Name

Cisco UCS Central Software任意命令执行漏洞的补丁

Patch Description

Cisco UCS Central Software是美国思科（Cisco）公司的一个集计算、虚拟化和网络于一体的软件平台。 Cisco UCS Central Software存在任意命令执行漏洞。允许未经身份验证的远程攻击者利用漏洞在受影响设备上执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0701

Impacted products

Name
Cisco UCS Central Software < 1.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0701"
    }
  },
  "description": "Cisco UCS Central Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u96c6\u8ba1\u7b97\u3001\u865a\u62df\u5316\u548c\u7f51\u7edc\u4e8e\u4e00\u4f53\u7684\u8f6f\u4ef6\u5e73\u53f0\u3002\r\n\r\nCisco UCS Central Software\u5b58\u5728\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02920",
  "openTime": "2015-05-08",
  "patchDescription": "Cisco UCS Central Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u96c6\u8ba1\u7b97\u3001\u865a\u62df\u5316\u548c\u7f51\u7edc\u4e8e\u4e00\u4f53\u7684\u8f6f\u4ef6\u5e73\u53f0\u3002\r\n\r\nCisco UCS Central Software\u5b58\u5728\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco UCS Central Software\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco UCS Central Software \u003c 1.2"
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0701",
  "serverity": "\u9ad8",
  "submitTime": "2015-05-07",
  "title": "Cisco UCS Central Software\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

VAR-201505-0129

Vulnerability from variot - Updated: 2025-04-13 20:46

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. An attacker can exploit this issue to execute system commands on the underlying operating system. This issue being tracked by Cisco Bug ID CSCut46961

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0129",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.1_base"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.2\\(1e\\)"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.2\\(1f\\)"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.0_base"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.2\\(1a\\)"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.2\\(1d\\)"
      },
      {
        "model": "unified computing system central software 1.2",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system central software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.2"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "396510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "393510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "386510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "382510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "380510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "380110.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "371510.1.1"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.2"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "396510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "396510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "393510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "393510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "386510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "386510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "382510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "382510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "380510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "380510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "380110.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "380110.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "371510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "371510.1.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_computing_system_central_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "74491"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0701",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-0701",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-78647",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0701",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-0701",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-028",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78647",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. \nAn attacker can exploit this issue to execute system commands on the underlying operating system. \nThis issue being tracked by Cisco Bug ID CSCut46961",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0701",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "74491",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1032267",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-78647",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "id": "VAR-201505-0129",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T20:46:30.695000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150506-ucsc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc"
      },
      {
        "title": "38591",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38591"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150506-ucsc"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74491"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032267"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0701"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0701"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38591"
      },
      {
        "trust": 0.3,
        "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-002-openssl/?q=cve-2015-3197\u0026l=en_us\u0026fs=search\u0026pn=1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "date": "2015-05-06T00:00:00",
        "db": "BID",
        "id": "74491"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "date": "2015-05-07T01:59:02.323000",
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78647"
      },
      {
        "date": "2016-07-21T02:00:00",
        "db": "BID",
        "id": "74491"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-0701"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002540"
      }
    ],
    "trust": 1.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-028"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-0701

Vulnerability from fkie_nvd - Published: 2015-05-07 01:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/74491
psirt@cisco.com	http://www.securitytracker.com/id/1032267
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74491
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032267

Impacted products

Vendor	Product	Version
cisco	unified_computing_system_central_software	1.0_base
cisco	unified_computing_system_central_software	1.1_base
cisco	unified_computing_system_central_software	1.2\(1a\)
cisco	unified_computing_system_central_software	1.2\(1d\)
cisco	unified_computing_system_central_software	1.2\(1e\)
cisco	unified_computing_system_central_software	1.2\(1f\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EA9F6B-5014-4E1E-84F8-02EB07548A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "284AD404-551C-4684-83FF-97CEBFDFE95C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF3498B-6033-4B50-96DF-33FB9EAA126D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "72C61CCB-F8F0-49E6-9C9D-A1A3DDBCEF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8FBCE184-652F-4FF9-A5D4-C34B73AFB06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1f\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "34791588-93E8-4C9D-B1FC-3F292E93D19B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961."
    },
    {
      "lang": "es",
      "value": "Cisco UCS Central Software en versiones anteriores a 1.3(1a) permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCut46961."
    }
  ],
  "id": "CVE-2015-0701",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-07T01:59:02.323",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/74491"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032267"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2015-AVI-205

Vulnerability from certfr_avis - Published: 2015-05-07 - Updated: 2015-05-07

Une vulnérabilité a été corrigée dans Cisco UCS Central Software. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco UCS Central Software versions antérieures à 1.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

GHSA-M3MC-F693-5X5J

Vulnerability from github – Published: 2022-05-17 03:44 – Updated: 2022-05-17 03:44

Details

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-07T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.",
  "id": "GHSA-m3mc-f693-5x5j",
  "modified": "2022-05-17T03:44:58Z",
  "published": "2022-05-17T03:44:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0701"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74491"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032267"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-0701

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Aliases

CVE-2015-0701

Aliases

CVE-2015-0701

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0701",
    "description": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.",
    "id": "GSD-2015-0701"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0701"
      ],
      "details": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.",
      "id": "GSD-2015-0701",
      "modified": "2023-12-13T01:19:58.851168Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-0701",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "74491",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74491"
          },
          {
            "name": "1032267",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032267"
          },
          {
            "name": "20150506 Cisco UCS Central Software Arbitrary Command Execution Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1d\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1e\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.2\\(1f\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_central_software:1.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0701"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150506 Cisco UCS Central Software Arbitrary Command Execution Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc"
            },
            {
              "name": "1032267",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032267"
            },
            {
              "name": "74491",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/74491"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-11-28T19:17Z",
      "publishedDate": "2015-05-07T01:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0701 (GCVE-0-2015-0701)

CNVD-2015-02920

VAR-201505-0129

FKIE_CVE-2015-0701

CERTFR-2015-AVI-205

Contournement provisoire

GHSA-M3MC-F693-5X5J

GSD-2015-0701

Tags

Sightings

Nomenclature