VIR Vulnerability Intelligence Relay

CVE-2015-6259

critical
Published 2015-09-04 · Modified 2026-05-06
CVSS v3
CVSS v2
9.4
VIR risk
9.4

Description

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

Application impact
VendorProductVersionsFixed
cisco ciscointegrated_management_controller_supervisor{"endIncluding":"1.0.0.0"}
cisco ciscounified_computing_system_director{"endIncluding":"5.2.0.0"}
cisco ciscounified_computing_system_director3.4_base
cisco ciscounified_computing_system_director4.0_base
cisco ciscounified_computing_system_director4.1_base
cisco ciscounified_computing_system_director5.0.0.0
cisco ciscounified_computing_system_director5.0.0.1
cisco ciscounified_computing_system_director5.0.0.2
cisco ciscounified_computing_system_director5.0.0.3
cisco ciscounified_computing_system_director5.1.0.0
cisco ciscounified_computing_system_director5.1.0.1

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.