CVE-2015-6435

Name of the Vulnerable Software and Affected Versions Cisco FX-OS versions 1.1.1 and earlier Cisco Unified Computing System (UCS) Manager versions prior to 2.2(4b) Cisco Unified Computing System (UCS) Manager version 2.2(5) before 2.2(5a) Cisco Unified Computing System (UCS) Manager versions 3.0 before 3.0(2e)

Description The issue allows remote attackers to execute arbitrary shell commands via a crafted HTTP request. This is due to the failure to neutralize special elements used in the operating system command. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Cisco FX-OS version 1.1.1 and earlier, update to version 1.1.2 or later. For Cisco Unified Computing System (UCS) Manager versions prior to 2.2(4b), update to version 2.2(4b) or later. For Cisco Unified Computing System (UCS) Manager version 2.2(5) before 2.2(5a), update to version 2.2(5a) or later. For Cisco Unified Computing System (UCS) Manager versions 3.0 before 3.0(2e), update to version 3.0(2e) or later.