CVE-2015-6259

EUVD-2015-6201
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
ciscointegrated_management_controller_supervisor
𝑥
≤ 1.0.0.0
ciscounified_computing_system_director
𝑥
≤ 5.2.0.0
ciscounified_computing_system_director
3.4_base:_base
ciscounified_computing_system_director
4.0_base:_base
ciscounified_computing_system_director
4.1_base:_base
ciscounified_computing_system_director
5.0.0.0
ciscounified_computing_system_director
5.0.0.1
ciscounified_computing_system_director
5.0.0.2
ciscounified_computing_system_director
5.0.0.3
ciscounified_computing_system_director
5.1.0.0
ciscounified_computing_system_director
5.1.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
http://www.securitytracker.com/id/1033451
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
http://www.securitytracker.com/id/1033451