Vulnslist


Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

cisco-sa-20160921-csp2100-2 · High · Published · Updated

A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2016-6374
Cisco Bug IDs: CSCuz89093
CVSS Score: Base 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C
Product Names From Source: Cisco Cloud Services Platform 2100, Cisco Cloud Services Platforms

Related Products

Product | CVE | Evidence
Cisco Cloud Services Platforms | CVE-2016-6374 | Cisco OpenVuln
Cisco Cloud Services Platform 2100 | CVE-2016-6374 | Cisco OpenVuln