CVE-2016-6374

Опубликовано: 22 сент. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
Vendor Advisory
http://www.securityfocus.com/bid/93095
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036864
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
Vendor Advisory
http://www.securityfocus.com/bid/93095
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036864
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:cloud_services_platform_2100:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05617

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-cp32-r62f-3wgq