Vulnerability Details : CVE-2016-6402
UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.
Exploit prediction scoring system (EPSS) score for CVE-2016-6402
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2016-6402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2016-6402
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6402
- http://www.securitytracker.com/id/1036831
  Cisco Unified Computing System CLI Interface Flaw Lets Local Users Obtain Root Privileges - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs
  Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/92956
  Cisco Unified Computing System CVE-2016-6402 Local Privilege Escalation Vulnerability
Products affected by CVE-2016-6402
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(5b\)a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:3.0\(1e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:3.0\(1d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:3.0\(2d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:3.0\(2c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3g\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1h\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1g\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:3.0\(1c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(5a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(1b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(4c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(4b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(3a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(2c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(2c\)a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(2e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:2.2\(2d\):*:*:*:*:*:*:*