ID

VAR-201604-0558


CVE

CVE-2016-1352


TITLE

Cisco Unified Computing System Central Software Arbitrary OS Command Execution Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-002105

DESCRIPTION

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. An attacker can exploit this issue to execute arbitrary commands on the underlying operating system. This issue is being tracked by Cisco Bug ID CSCuv33856.

Trust: 1.98

sources: NVD: CVE-2016-1352 // JVNDB: JVNDB-2016-002105 // BID: 86029 // VULHUB: VHN-90171

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system central software, scope: eq, version: 1.3(0.1)

Trust: 1.6

vendor: cisco, model: unified computing system central software, scope: lte, version: 1.3(1b)

Trust: 0.8

sources: JVNDB: JVNDB-2016-002105 // CNNVD: CNNVD-201604-289 // NVD: CVE-2016-1352

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1352
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1352
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201604-289
value: HIGH

Trust: 0.6

VULHUB: VHN-90171
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1352
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90171
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1352
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90171 // JVNDB: JVNDB-2016-002105 // CNNVD: CNNVD-201604-289 // NVD: CVE-2016-1352

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-90171 // JVNDB: JVNDB-2016-002105 // NVD: CVE-2016-1352

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-289

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201604-289

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002105

PATCH

title: cisco-sa-20160413-ucs, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs

Trust: 0.8

title: Cisco UCS Central Software Fixes for arbitrary command execution vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60952

Trust: 0.6

sources: JVNDB: JVNDB-2016-002105 // CNNVD: CNNVD-201604-289

EXTERNAL IDS

db: NVD, id: CVE-2016-1352

Trust: 2.8

db: SECTRACK, id: 1035565

Trust: 1.1

db: JVNDB, id: JVNDB-2016-002105

Trust: 0.8

db: CNNVD, id: CNNVD-201604-289

Trust: 0.7

db: BID, id: 86029

Trust: 0.4

db: VULHUB, id: VHN-90171

Trust: 0.1

sources: VULHUB: VHN-90171 // BID: 86029 // JVNDB: JVNDB-2016-002105 // CNNVD: CNNVD-201604-289 // NVD: CVE-2016-1352

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160413-ucs

Trust: 2.0

url: http://www.securitytracker.com/id/1035565

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1352

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1352

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90171 // BID: 86029 // JVNDB: JVNDB-2016-002105 // CNNVD: CNNVD-201604-289 // NVD: CVE-2016-1352

CREDITS

Gregory Draperi

Trust: 0.9

sources: BID: 86029 // CNNVD: CNNVD-201604-289

SOURCES

db: VULHUB, id: VHN-90171
db: BID, id: 86029
db: JVNDB, id: JVNDB-2016-002105
db: CNNVD, id: CNNVD-201604-289
db: NVD, id: CVE-2016-1352

LAST UPDATE DATE

2025-04-12T23:08:52.915000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90171, date: 2016-12-03T00:00:00
db: BID, id: 86029, date: 2016-04-13T00:00:00
db: JVNDB, id: JVNDB-2016-002105, date: 2016-04-19T00:00:00
db: CNNVD, id: CNNVD-201604-289, date: 2016-04-15T00:00:00
db: NVD, id: CVE-2016-1352, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90171, date: 2016-04-14T00:00:00
db: BID, id: 86029, date: 2016-04-13T00:00:00
db: JVNDB, id: JVNDB-2016-002105, date: 2016-04-19T00:00:00
db: CNNVD, id: CNNVD-201604-289, date: 2016-04-14T00:00:00
db: NVD, id: CVE-2016-1352, date: 2016-04-14T01:59:03.240