CVE-2015-6435: OS Command Injection
First published: Fri Jan 22 2016(Updated: )
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Extensible Operating System | =1.1\(1.86\) | |
| Cisco Firepower Extensible Operating System | =1.1\(1.160\) | |
| Cisco Firepower Extensible Operating System | =1.1.1 | |
| Cisco Unified Computing System software | =1.0\(2k\) | |
| Cisco Unified Computing System software | =1.0_base | |
| Cisco Unified Computing System software | =1.1\(1m\) | |
| Cisco Unified Computing System software | =1.1_base | |
| Cisco Unified Computing System software | =1.2\(1d\) | |
| Cisco Unified Computing System software | =1.2_base | |
| Cisco Unified Computing System software | =1.3\(1c\) | |
| Cisco Unified Computing System software | =1.3\(1m\) | |
| Cisco Unified Computing System software | =1.3\(1n\) | |
| Cisco Unified Computing System software | =1.3\(1o\) | |
| Cisco Unified Computing System software | =1.3\(1p\) | |
| Cisco Unified Computing System software | =1.3\(1q\) | |
| Cisco Unified Computing System software | =1.3\(1t\) | |
| Cisco Unified Computing System software | =1.3\(1w\) | |
| Cisco Unified Computing System software | =1.3\(1y\) | |
| Cisco Unified Computing System software | =1.3_base | |
| Cisco Unified Computing System software | =1.4\(1i\) | |
| Cisco Unified Computing System software | =1.4\(1j\) | |
| Cisco Unified Computing System software | =1.4\(1m\) | |
| Cisco Unified Computing System software | =1.4\(3i\) | |
| Cisco Unified Computing System software | =1.4\(3l\) | |
| Cisco Unified Computing System software | =1.4\(3m\) | |
| Cisco Unified Computing System software | =1.4\(3q\) | |
| Cisco Unified Computing System software | =1.4\(3s\) | |
| Cisco Unified Computing System software | =1.4\(3u\) | |
| Cisco Unified Computing System software | =1.4\(3y\) | |
| Cisco Unified Computing System software | =1.4\(4f\) | |
| Cisco Unified Computing System software | =1.4\(4g\) | |
| Cisco Unified Computing System software | =1.4\(4i\) | |
| Cisco Unified Computing System software | =1.4\(4j\) | |
| Cisco Unified Computing System software | =1.4\(4k\) | |
| Cisco Unified Computing System software | =1.4_base | |
| Cisco Unified Computing System software | =2.0\(1m\) | |
| Cisco Unified Computing System software | =2.0\(1q\) | |
| Cisco Unified Computing System software | =2.0\(1s\) | |
| Cisco Unified Computing System software | =2.0\(1t\) | |
| Cisco Unified Computing System software | =2.0\(1w\) | |
| Cisco Unified Computing System software | =2.0\(1x\) | |
| Cisco Unified Computing System software | =2.0\(2m\) | |
| Cisco Unified Computing System software | =2.0\(2q\) | |
| Cisco Unified Computing System software | =2.0\(2r\) | |
| Cisco Unified Computing System software | =2.0\(3a\) | |
| Cisco Unified Computing System software | =2.0\(3b\) | |
| Cisco Unified Computing System software | =2.0\(3c\) | |
| Cisco Unified Computing System software | =2.0\(4a\) | |
| Cisco Unified Computing System software | =2.0\(4b\) | |
| Cisco Unified Computing System software | =2.0\(4d\) | |
| Cisco Unified Computing System software | =2.0\(5a\) | |
| Cisco Unified Computing System software | =2.0\(5b\) | |
| Cisco Unified Computing System software | =2.0\(5c\) | |
| Cisco Unified Computing System software | =2.0_base | |
| Cisco Unified Computing System software | =2.1\(1a\) | |
| Cisco Unified Computing System software | =2.1\(1b\) | |
| Cisco Unified Computing System software | =2.1\(1d\) | |
| Cisco Unified Computing System software | =2.1\(1e\) | |
| Cisco Unified Computing System software | =2.1\(1f\) | |
| Cisco Unified Computing System software | =2.1\(2a\) | |
| Cisco Unified Computing System software | =2.1_base | |
| Cisco Unified Computing System software | =2.2\(1b\) | |
| Cisco Unified Computing System software | =2.2\(1c\) | |
| Cisco Unified Computing System software | =2.2\(1d\) | |
| Cisco Unified Computing System software | =2.2\(1e\) | |
| Cisco Unified Computing System software | =2.2\(1f\) | |
| Cisco Unified Computing System software | =2.2\(1g\) | |
| Cisco Unified Computing System software | =2.2\(1h\) | |
| Cisco Unified Computing System software | =2.2\(2c\) | |
| Cisco Unified Computing System software | =2.2\(2c\)a | |
| Cisco Unified Computing System software | =2.2\(3a\) | |
| Cisco Unified Computing System software | =2.2\(3b\) | |
| Cisco Unified Computing System software | =2.2\(3c\) | |
| Cisco Unified Computing System software | =2.2\(3d\) | |
| Cisco Unified Computing System software | =2.2\(3e\) | |
| Cisco Unified Computing System software | =2.2\(3f\) | |
| Cisco Unified Computing System software | =2.2\(3g\) | |
| Cisco Unified Computing System software | =2.2\(4b\) | |
| Cisco Unified Computing System software | =2.2\(4c\) | |
| Cisco Unified Computing System software | =2.2\(5a\) | |
| Cisco Unified Computing System software | =2.2_base | |
| Cisco Unified Computing System software | =3.0\(1c\) | |
| Cisco Unified Computing System software | =3.0\(1d\) | |
| Cisco Unified Computing System software | =3.0\(1e\) | |
| Cisco Unified Computing System software | =3.0\(2c\) | |
| Cisco Unified Computing System software | =3.0\(2d\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6435?
CVE-2015-6435 is classified as a critical severity vulnerability due to its ability to allow remote attackers to execute arbitrary commands.
How do I fix CVE-2015-6435?
To fix CVE-2015-6435, update the affected Cisco software to a version that is patched, specifically Firepower 9000 devices and UCS Manager versions 2.2(5a) or later, and 3.0(2e) or later.
Which Cisco products are affected by CVE-2015-6435?
CVE-2015-6435 affects Cisco Firepower 9000 devices and multiple versions of Cisco Unified Computing System (UCS) Manager.
How can I determine if my Cisco system is vulnerable to CVE-2015-6435?
To determine if your system is vulnerable to CVE-2015-6435, check if you are running Cisco FX-OS versions prior to 1.1.2 or UCS Manager versions listed in the vulnerability details.
Are there any workarounds for CVE-2015-6435?
There are no known workarounds for CVE-2015-6435 other than applying the available patches to affected Cisco products.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco firepower extensible operating system
- version/cisco firepower extensible operating system/1.1\(1.86\)
- version/cisco firepower extensible operating system/1.1\(1.160\)
- version/cisco firepower extensible operating system/1.1.1
- canonical/cisco unified computing system software
- version/cisco unified computing system software/1.0\(2k\)
- version/cisco unified computing system software/1.0_base
- version/cisco unified computing system software/1.1\(1m\)
- version/cisco unified computing system software/1.1_base
- version/cisco unified computing system software/1.2\(1d\)
- version/cisco unified computing system software/1.2_base
- version/cisco unified computing system software/1.3\(1c\)
- version/cisco unified computing system software/1.3\(1m\)
- version/cisco unified computing system software/1.3\(1n\)
- version/cisco unified computing system software/1.3\(1o\)
- version/cisco unified computing system software/1.3\(1p\)
- version/cisco unified computing system software/1.3\(1q\)
- version/cisco unified computing system software/1.3\(1t\)
- version/cisco unified computing system software/1.3\(1w\)
- version/cisco unified computing system software/1.3\(1y\)
- version/cisco unified computing system software/1.3_base
- version/cisco unified computing system software/1.4\(1i\)
- version/cisco unified computing system software/1.4\(1j\)
- version/cisco unified computing system software/1.4\(1m\)
- version/cisco unified computing system software/1.4\(3i\)
- version/cisco unified computing system software/1.4\(3l\)
- version/cisco unified computing system software/1.4\(3m\)
- version/cisco unified computing system software/1.4\(3q\)
- version/cisco unified computing system software/1.4\(3s\)
- version/cisco unified computing system software/1.4\(3u\)
- version/cisco unified computing system software/1.4\(3y\)
- version/cisco unified computing system software/1.4\(4f\)
- version/cisco unified computing system software/1.4\(4g\)
- version/cisco unified computing system software/1.4\(4i\)
- version/cisco unified computing system software/1.4\(4j\)
- version/cisco unified computing system software/1.4\(4k\)
- version/cisco unified computing system software/1.4_base
- version/cisco unified computing system software/2.0\(1m\)
- version/cisco unified computing system software/2.0\(1q\)
- version/cisco unified computing system software/2.0\(1s\)
- version/cisco unified computing system software/2.0\(1t\)
- version/cisco unified computing system software/2.0\(1w\)
- version/cisco unified computing system software/2.0\(1x\)
- version/cisco unified computing system software/2.0\(2m\)
- version/cisco unified computing system software/2.0\(2q\)
- version/cisco unified computing system software/2.0\(2r\)
- version/cisco unified computing system software/2.0\(3a\)
- version/cisco unified computing system software/2.0\(3b\)
- version/cisco unified computing system software/2.0\(3c\)
- version/cisco unified computing system software/2.0\(4a\)
- version/cisco unified computing system software/2.0\(4b\)
- version/cisco unified computing system software/2.0\(4d\)
- version/cisco unified computing system software/2.0\(5a\)
- version/cisco unified computing system software/2.0\(5b\)
- version/cisco unified computing system software/2.0\(5c\)
- version/cisco unified computing system software/2.0_base
- version/cisco unified computing system software/2.1\(1a\)
- version/cisco unified computing system software/2.1\(1b\)
- version/cisco unified computing system software/2.1\(1d\)
- version/cisco unified computing system software/2.1\(1e\)
- version/cisco unified computing system software/2.1\(1f\)
- version/cisco unified computing system software/2.1\(2a\)
- version/cisco unified computing system software/2.1_base
- version/cisco unified computing system software/2.2\(1b\)
- version/cisco unified computing system software/2.2\(1c\)
- version/cisco unified computing system software/2.2\(1d\)
- version/cisco unified computing system software/2.2\(1e\)
- version/cisco unified computing system software/2.2\(1f\)
- version/cisco unified computing system software/2.2\(1g\)
- version/cisco unified computing system software/2.2\(1h\)
- version/cisco unified computing system software/2.2\(2c\)
- version/cisco unified computing system software/2.2\(2c\)a
- version/cisco unified computing system software/2.2\(3a\)
- version/cisco unified computing system software/2.2\(3b\)
- version/cisco unified computing system software/2.2\(3c\)
- version/cisco unified computing system software/2.2\(3d\)
- version/cisco unified computing system software/2.2\(3e\)
- version/cisco unified computing system software/2.2\(3f\)
- version/cisco unified computing system software/2.2\(3g\)
- version/cisco unified computing system software/2.2\(4b\)
- version/cisco unified computing system software/2.2\(4c\)
- version/cisco unified computing system software/2.2\(5a\)
- version/cisco unified computing system software/2.2_base
- version/cisco unified computing system software/3.0\(1c\)
- version/cisco unified computing system software/3.0\(1d\)
- version/cisco unified computing system software/3.0\(1e\)
- version/cisco unified computing system software/3.0\(2c\)
- version/cisco unified computing system software/3.0\(2d\)