Command injection in Cisco Cloud Services Platform 2100 - CVE-2016-6374
Published: September 22, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU635
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2016-6374
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Cloud Services Platform 2100
Cisco Cloud Services Platform 2100
Detailed vulnerability description
The vulnerability allows a remote authenticated user to cause arbitrary command execution on the target system.
The weakness exists due to improper input validation. By sending specially crafted dnslookup request attacker can inject voluntary commands and execute arbitrary code.
Sucessful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to improper input validation. By sending specially crafted dnslookup request attacker can inject voluntary commands and execute arbitrary code.
Sucessful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-6374
Update to 2.1.0.