What is CVE-2015-6435?

CVE-2015-6435 is a critical-severity vulnerability in Cisco Firepower_extensible_operating_system, classified under OS Command Injection. CVSS score: 9.8/10. Published 2016-01-22.

How severe is CVE-2015-6435?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Cisco Firepower_extensible_operating_system

CVE-2015-6435

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary she…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.160 (94.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Firepower_extensible_operating_system — versions 1.1\(1.86\), 1.1\(1.160\), 1.1.1
Cisco Unified_computing_system — versions 1.0\(2k\), 1.0_base, 1.1\(1m\)
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

1034743 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20160120 Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2015-6435?: CVE-2015-6435 is a critical-severity vulnerability in Cisco Firepower_extensible_operating_system, classified under OS Command Injection. CVSS score: 9.8/10. Published 2016-01-22.
How severe is CVE-2015-6435?: Critical severity. CVSS v3 base score is 9.8 out of 10.