Remote code execution in Cisco Cloud Services Platform 2100 - CVE-2016-6373
Published: September 22, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU634
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2016-6373
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Cloud Services Platform 2100
Detailed vulnerability description
The vulnerability allows a remote authenticated user to cause arbitrary code execution on the target system.
The weakness exists due to improper input validation. After submitting specially crafted files, an attacker can be authenticated as a user with root privileges, which allows the attacker to inject arbitrary commands and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-6373
Update to 2.1.0.