Server-Side Request Forgery Vulnerability in Cisco UCS Central Software
CVE-2015-6388

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Computing System Central Software
Vendor: CVE Published:; 5 December 2015

What is CVE-2015-6388?

The vulnerability in Cisco Unified Computing System (UCS) Central software version 1.3(0.1) allows remote attackers to exploit server-side request forgery (SSRF) attacks by sending maliciously crafted requests. This security flaw could enable attackers to access internal services that are otherwise protected, potentially compromising sensitive data and disrupting service functionality.

References

http://www.securitytracker.com/id/1034380

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/78870

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2015
Vulnerability Reserved
Aug 17, 2015