cvelistv5 - CVE-2015-4279

CVE-2015-4279 (GCVE-0-2015-4279)

Vulnerability from cvelistv5 – Published: 2015-07-20 23:00 – Updated: 2024-08-06 06:11

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1032999	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/viewAlert.…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/75953	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032999",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032999"
          },
          {
            "name": "20150720 Cisco UCS Manager Command-Line Interface Processor Arbitrary Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
          },
          {
            "name": "75953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032999",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032999"
        },
        {
          "name": "20150720 Cisco UCS Manager Command-Line Interface Processor Arbitrary Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
        },
        {
          "name": "75953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75953"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4279",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032999",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032999"
            },
            {
              "name": "20150720 Cisco UCS Manager Command-Line Interface Processor Arbitrary Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
            },
            {
              "name": "75953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75953"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4279",
    "datePublished": "2015-07-20T23:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_computing_system:2.2\\\\(3b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9068CA60-F05F-4C32-9828-5E13C981C39C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el componente Manager en Cisco Unified Computing System (UCS) 2.2 (3b) sobre los dispositivos B Blade Server permite a usuarios locales obtener privilegios para ejecutar comandos arbitrarios en la CLI mediante el aprovechamiento de acceso subordinado del Fabric Interconect, tambi\\u00e9n conocido como Bug ID CSCut32778.\"}]",
      "id": "CVE-2015-4279",
      "lastModified": "2024-11-21T02:30:45.433",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-07-20T23:59:04.690",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=39990\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/75953\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032999\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=39990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/75953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4279\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-07-20T23:59:04.690\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente Manager en Cisco Unified Computing System (UCS) 2.2 (3b) sobre los dispositivos B Blade Server permite a usuarios locales obtener privilegios para ejecutar comandos arbitrarios en la CLI mediante el aprovechamiento de acceso subordinado del Fabric Interconect, tambi\u00e9n conocido como Bug ID CSCut32778.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_computing_system:2.2\\\\(3b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9068CA60-F05F-4C32-9828-5E13C981C39C\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=39990\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75953\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1032999\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=39990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201507-0508

Vulnerability from variot - Updated: 2023-12-18 12:30

The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. Cisco Unified Computing System Manager is prone to a local arbitrary command-injection vulnerability because it fails to properly sanitize user-supplied input. A local attacker may leverage this issue to to inject and execute arbitrary commands, which could result in complete system compromise. This issue being tracked by Cisco Bug ID CSCut32778. Manager is one of the management components

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0508",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(3b\\)"
      },
      {
        "model": "unified computing system",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.2(3b)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:2.2\\(3b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75953"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4279",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-4279",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-82240",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4279",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-661",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82240",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. Cisco Unified Computing System Manager is prone to a local arbitrary command-injection vulnerability because it fails to properly sanitize user-supplied input. \nA local attacker may leverage this issue to to inject and execute arbitrary commands, which could result in complete system compromise. \nThis issue being tracked by Cisco Bug ID  CSCut32778. Manager is one of the management components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "BID",
        "id": "75953"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4279",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "75953",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1032999",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-82240",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "db": "BID",
        "id": "75953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "id": "VAR-201507-0508",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:30:19.865000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39990",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39990"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39990"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/75953"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032999"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4279"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4279"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-manager/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "db": "BID",
        "id": "75953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "db": "BID",
        "id": "75953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "date": "2015-07-20T00:00:00",
        "db": "BID",
        "id": "75953"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "date": "2015-07-20T23:59:04.690000",
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "date": "2015-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82240"
      },
      {
        "date": "2015-07-20T00:00:00",
        "db": "BID",
        "id": "75953"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      },
      {
        "date": "2017-09-22T01:29:16.267000",
        "db": "NVD",
        "id": "CVE-2015-4279"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "75953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco UCS B series  Blade Server Runs on the device  Cisco Unified Computing System of  Manager Vulnerability gained privileges in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003883"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-661"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-4279

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4279

Aliases

CVE-2015-4279

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4279",
    "description": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.",
    "id": "GSD-2015-4279"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4279"
      ],
      "details": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.",
      "id": "GSD-2015-4279",
      "modified": "2023-12-13T01:19:59.780086Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4279",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032999",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032999"
          },
          {
            "name": "20150720 Cisco UCS Manager Command-Line Interface Processor Arbitrary Command Injection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
          },
          {
            "name": "75953",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75953"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:2.2\\(3b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4279"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150720 Cisco UCS Manager Command-Line Interface Processor Arbitrary Command Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
            },
            {
              "name": "75953",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75953"
            },
            {
              "name": "1032999",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032999"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-22T01:29Z",
      "publishedDate": "2015-07-20T23:59Z"
    }
  }
}

FKIE_CVE-2015-4279

Vulnerability from fkie_nvd - Published: 2015-07-20 23:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39990	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/75953
psirt@cisco.com	http://www.securitytracker.com/id/1032999
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39990	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75953
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032999

Impacted products

	Vendor	Product	Version
	cisco	unified_computing_system	2.2\(3b\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2\\(3b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9068CA60-F05F-4C32-9828-5E13C981C39C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Manager en Cisco Unified Computing System (UCS) 2.2 (3b) sobre los dispositivos B Blade Server permite a usuarios locales obtener privilegios para ejecutar comandos arbitrarios en la CLI mediante el aprovechamiento de acceso subordinado del Fabric Interconect, tambi\u00e9n conocido como Bug ID CSCut32778."
    }
  ],
  "id": "CVE-2015-4279",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-20T23:59:04.690",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/75953"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032999"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J7J3-RX35-4W7H

Vulnerability from github – Published: 2022-05-17 00:48 – Updated: 2022-05-17 00:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-20T23:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.",
  "id": "GHSA-j7j3-rx35-4w7h",
  "modified": "2022-05-17T00:48:51Z",
  "published": "2022-05-17T00:48:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4279"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75953"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-04827

Vulnerability from cnvd - Published: 2015-07-24

Title

Cisco Unified Computing System Manager本地任意命令注入漏洞

Description

Cisco Unified Computing System Manager可对统一计算系统内的所有软硬件组件提供统一的、嵌入式管理。 Cisco Unified Computing System (UCS) 2.2(3b)的Manager组件存在本地任意命令注入漏洞，攻击者通过访问从属结构互联，可获取权限，执行任意CLI命令。

Severity

中

Patch Name

Cisco Unified Computing System Manager本地任意命令注入漏洞的补丁

Patch Description

Cisco Unified Computing System Manager可对统一计算系统内的所有软硬件组件提供统一的、嵌入式管理。Cisco Unified Computing System (UCS) 2.2(3b)的Manager组件存在本地任意命令注入漏洞，攻击者通过访问从属结构互联，可获取权限，执行任意CLI命令。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://tools.cisco.com/security/center/viewAlert.x?alertId=39990

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39990 http://www.nsfocus.net/vulndb/30494

Impacted products

Name
Cisco Unified Computing System (UCS) 2.2(3b)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75953"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4279"
    }
  },
  "description": "Cisco Unified Computing System Manager\u53ef\u5bf9\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\u5185\u7684\u6240\u6709\u8f6f\u786c\u4ef6\u7ec4\u4ef6\u63d0\u4f9b\u7edf\u4e00\u7684\u3001\u5d4c\u5165\u5f0f\u7ba1\u7406\u3002\r\n\r\nCisco Unified Computing System (UCS) 2.2(3b)\u7684Manager\u7ec4\u4ef6\u5b58\u5728\u672c\u5730\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bbf\u95ee\u4ece\u5c5e\u7ed3\u6784\u4e92\u8054\uff0c\u53ef\u83b7\u53d6\u6743\u9650\uff0c\u6267\u884c\u4efb\u610fCLI\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39990",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04827",
  "openTime": "2015-07-24",
  "patchDescription": "Cisco Unified Computing System Manager\u53ef\u5bf9\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\u5185\u7684\u6240\u6709\u8f6f\u786c\u4ef6\u7ec4\u4ef6\u63d0\u4f9b\u7edf\u4e00\u7684\u3001\u5d4c\u5165\u5f0f\u7ba1\u7406\u3002Cisco Unified Computing System (UCS) 2.2(3b)\u7684Manager\u7ec4\u4ef6\u5b58\u5728\u672c\u5730\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bbf\u95ee\u4ece\u5c5e\u7ed3\u6784\u4e92\u8054\uff0c\u53ef\u83b7\u53d6\u6743\u9650\uff0c\u6267\u884c\u4efb\u610fCLI\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Computing System Manager\u672c\u5730\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Unified Computing System (UCS) 2.2(3b)"
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39990\r\nhttp://www.nsfocus.net/vulndb/30494",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-22",
  "title": "Cisco Unified Computing System Manager\u672c\u5730\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4279 (GCVE-0-2015-4279)

VAR-201507-0508

GSD-2015-4279

FKIE_CVE-2015-4279

GHSA-J7J3-RX35-4W7H

CNVD-2015-04827

Tags

Sightings

Nomenclature