What is the severity of CVE-2015-6259?

CVE-2015-6259 is classified as a critical vulnerability due to the potential for remote file writing by attackers.

How do I fix CVE-2015-6259?

To fix CVE-2015-6259, upgrade to Cisco Integrated Management Controller Supervisor version 1.0.0.1 or later, or UCS Director version 5.2.0.1 or later.

What components are affected by CVE-2015-6259?

CVE-2015-6259 affects Cisco Integrated Management Controller Supervisor versions prior to 1.0.0.1 and UCS Director versions prior to 5.2.0.1.

What type of attacks does CVE-2015-6259 allow?

CVE-2015-6259 allows remote attackers to write to arbitrary files on the affected systems.

Is there a workaround for CVE-2015-6259?

There is no documented workaround for CVE-2015-6259; the best mitigation is to update to the secure versions.

Vulnerability/
CVE-2015-6259

critical

9.4

CWE

4/9/2015

6/8/2024

CVE-2015-6259: Input Validation

First published: Fri Sep 04 2015(Updated: )

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Integrated Management Controller Supervisor	<=1.0.0.0
Cisco Unified Computing System Director	<=5.2.0.0
Cisco Unified Computing System Director	=3.4_base
Cisco Unified Computing System Director	=4.0_base
Cisco Unified Computing System Director	=4.1_base
Cisco Unified Computing System Director	=5.0.0.0
Cisco Unified Computing System Director	=5.0.0.1
Cisco Unified Computing System Director	=5.0.0.2
Cisco Unified Computing System Director	=5.0.0.3
Cisco Unified Computing System Director	=5.1.0.0
Cisco Unified Computing System Director	=5.1.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6259?
CVE-2015-6259 is classified as a critical vulnerability due to the potential for remote file writing by attackers.
How do I fix CVE-2015-6259?
To fix CVE-2015-6259, upgrade to Cisco Integrated Management Controller Supervisor version 1.0.0.1 or later, or UCS Director version 5.2.0.1 or later.
What components are affected by CVE-2015-6259?
CVE-2015-6259 affects Cisco Integrated Management Controller Supervisor versions prior to 1.0.0.1 and UCS Director versions prior to 5.2.0.1.
What type of attacks does CVE-2015-6259 allow?
CVE-2015-6259 allows remote attackers to write to arbitrary files on the affected systems.
Is there a workaround for CVE-2015-6259?
There is no documented workaround for CVE-2015-6259; the best mitigation is to update to the secure versions.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco integrated management controller supervisor
version/cisco integrated management controller supervisor/1.0.0.0
canonical/cisco unified computing system director
version/cisco unified computing system director/5.2.0.0
version/cisco unified computing system director/3.4_base
version/cisco unified computing system director/4.0_base
version/cisco unified computing system director/4.1_base
version/cisco unified computing system director/5.0.0.0
version/cisco unified computing system director/5.0.0.1
version/cisco unified computing system director/5.0.0.2
version/cisco unified computing system director/5.0.0.3
version/cisco unified computing system director/5.1.0.0
version/cisco unified computing system director/5.1.0.1