VIR Vulnerability Intelligence Relay

CVE-2015-6435

critical
Published 2016-01-22 · Modified 2026-05-06
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
10.0
VIR risk
9.8

Description

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm

Application impact
VendorProductVersionsFixed
cisco ciscounified_computing_system1.0\(2k\)
cisco ciscounified_computing_system1.0_base
cisco ciscounified_computing_system1.1\(1m\)
cisco ciscounified_computing_system1.1_base
cisco ciscounified_computing_system1.2\(1d\)
cisco ciscounified_computing_system1.2_base
cisco ciscounified_computing_system1.3\(1c\)
cisco ciscounified_computing_system1.3\(1m\)
cisco ciscounified_computing_system1.3\(1n\)
cisco ciscounified_computing_system1.3\(1o\)
cisco ciscounified_computing_system1.3\(1p\)
cisco ciscounified_computing_system1.3\(1q\)
cisco ciscounified_computing_system1.3\(1t\)
cisco ciscounified_computing_system1.3\(1w\)
cisco ciscounified_computing_system1.3\(1y\)
cisco ciscounified_computing_system1.3_base
cisco ciscounified_computing_system1.4\(1i\)
cisco ciscounified_computing_system1.4\(1j\)
cisco ciscounified_computing_system1.4\(1m\)
cisco ciscounified_computing_system1.4\(3i\)
cisco ciscounified_computing_system1.4\(3l\)
cisco ciscounified_computing_system1.4\(3m\)
cisco ciscounified_computing_system1.4\(3q\)
cisco ciscounified_computing_system1.4\(3s\)
cisco ciscounified_computing_system1.4\(3u\)
cisco ciscounified_computing_system1.4\(3y\)
cisco ciscounified_computing_system1.4\(4f\)
cisco ciscounified_computing_system1.4\(4g\)
cisco ciscounified_computing_system1.4\(4i\)
cisco ciscounified_computing_system1.4\(4j\)
cisco ciscounified_computing_system1.4\(4k\)
cisco ciscounified_computing_system1.4_base
cisco ciscounified_computing_system2.0\(1m\)
cisco ciscounified_computing_system2.0\(1q\)
cisco ciscounified_computing_system2.0\(1s\)
cisco ciscounified_computing_system2.0\(1t\)
cisco ciscounified_computing_system2.0\(1w\)
cisco ciscounified_computing_system2.0\(1x\)
cisco ciscounified_computing_system2.0\(2m\)
cisco ciscounified_computing_system2.0\(2q\)
cisco ciscounified_computing_system2.0\(2r\)
cisco ciscounified_computing_system2.0\(3a\)
cisco ciscounified_computing_system2.0\(3b\)
cisco ciscounified_computing_system2.0\(3c\)
cisco ciscounified_computing_system2.0\(4a\)
cisco ciscounified_computing_system2.0\(4b\)
cisco ciscounified_computing_system2.0\(4d\)
cisco ciscounified_computing_system2.0\(5a\)
cisco ciscounified_computing_system2.0\(5b\)
cisco ciscounified_computing_system2.0\(5c\)
cisco ciscounified_computing_system2.0_base
cisco ciscounified_computing_system2.1\(1a\)
cisco ciscounified_computing_system2.1\(1b\)
cisco ciscounified_computing_system2.1\(1d\)
cisco ciscounified_computing_system2.1\(1e\)
cisco ciscounified_computing_system2.1\(1f\)
cisco ciscounified_computing_system2.1\(2a\)
cisco ciscounified_computing_system2.1_base
cisco ciscounified_computing_system2.2\(1b\)
cisco ciscounified_computing_system2.2\(1c\)
cisco ciscounified_computing_system2.2\(1d\)
cisco ciscounified_computing_system2.2\(1e\)
cisco ciscounified_computing_system2.2\(1f\)
cisco ciscounified_computing_system2.2\(1g\)
cisco ciscounified_computing_system2.2\(1h\)
cisco ciscounified_computing_system2.2\(2c\)
cisco ciscounified_computing_system2.2\(2c\)a
cisco ciscounified_computing_system2.2\(3a\)
cisco ciscounified_computing_system2.2\(3b\)
cisco ciscounified_computing_system2.2\(3c\)
cisco ciscounified_computing_system2.2\(3d\)
cisco ciscounified_computing_system2.2\(3e\)
cisco ciscounified_computing_system2.2\(3f\)
cisco ciscounified_computing_system2.2\(3g\)
cisco ciscounified_computing_system2.2\(4b\)
cisco ciscounified_computing_system2.2\(4c\)
cisco ciscounified_computing_system2.2\(5a\)
cisco ciscounified_computing_system2.2_base
cisco ciscounified_computing_system3.0\(1c\)
cisco ciscounified_computing_system3.0\(1d\)
cisco ciscounified_computing_system3.0\(1e\)
cisco ciscounified_computing_system3.0\(2c\)
cisco ciscounified_computing_system3.0\(2d\)

References

CWEs

CWE-78

Verify integrity in audit chain (admin only). AS-IS.