Vulnerability Details CVE-2016-1374
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf
- http://www.securityfocus.com/bid/92044
- http://www.securitytracker.com/id/1036410
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf
- http://www.securityfocus.com/bid/92044
- http://www.securitytracker.com/id/1036410
Products affected by CVE-2016-1374
-
cpe:2.3:a:cisco:unified_computing_system_performance_manager:1.0_base
-
cpe:2.3:a:cisco:unified_computing_system_performance_manager:1.1.0
-
cpe:2.3:a:cisco:unified_computing_system_performance_manager:1.1.1
-
cpe:2.3:a:cisco:unified_computing_system_performance_manager:2.0.0