Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6374 |
CWE-ID | CWE-77 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco Cloud Services Platform 2100 Server applications / Other server solutions |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU635
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6374
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to cause arbitrary command execution on the target system.
The weakness exists due to improper input validation. By sending specially crafted dnslookup request attacker can inject voluntary commands and execute arbitrary code.
Sucessful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update to 2.1.0.
Cisco Cloud Services Platform 2100: 2.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.