Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6402

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

Published

2016-09-18T22:59:11.550

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_computing_system	2.2\(1b\)	Yes
Application	cisco	unified_computing_system	2.2\(1c\)	Yes
Application	cisco	unified_computing_system	2.2\(1d\)	Yes
Application	cisco	unified_computing_system	2.2\(1e\)	Yes
Application	cisco	unified_computing_system	2.2\(1f\)	Yes
Application	cisco	unified_computing_system	2.2\(1g\)	Yes
Application	cisco	unified_computing_system	2.2\(1h\)	Yes
Application	cisco	unified_computing_system	2.2\(2c\)	Yes
Application	cisco	unified_computing_system	2.2\(2c\)a	Yes
Application	cisco	unified_computing_system	2.2\(2d\)	Yes
Application	cisco	unified_computing_system	2.2\(2e\)	Yes
Application	cisco	unified_computing_system	2.2\(3a\)	Yes
Application	cisco	unified_computing_system	2.2\(3b\)	Yes
Application	cisco	unified_computing_system	2.2\(3c\)	Yes
Application	cisco	unified_computing_system	2.2\(3d\)	Yes
Application	cisco	unified_computing_system	2.2\(3e\)	Yes
Application	cisco	unified_computing_system	2.2\(3f\)	Yes
Application	cisco	unified_computing_system	2.2\(3g\)	Yes
Application	cisco	unified_computing_system	2.2\(4b\)	Yes
Application	cisco	unified_computing_system	2.2\(4c\)	Yes
Application	cisco	unified_computing_system	2.2\(5a\)	Yes
Application	cisco	unified_computing_system	2.2\(5b\)a	Yes
Application	cisco	unified_computing_system	2.2_base	Yes
Application	cisco	unified_computing_system	3.0\(1c\)	Yes
Application	cisco	unified_computing_system	3.0\(1d\)	Yes
Application	cisco	unified_computing_system	3.0\(1e\)	Yes
Application	cisco	unified_computing_system	3.0\(2c\)	Yes
Application	cisco	unified_computing_system	3.0\(2d\)	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/92956 ([email protected])
http://www.securitytracker.com/id/1036831 ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92956 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036831 (af854a3a-2127-422b-91ae-364da2661108)