This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2016-09-22
Product Cloud Services Platform 2100 Last view 2016-09-22
Version 2.0.0_base Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:cloud_services_platform_2100

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2016-09-22 CVE-2016-6374

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.

7.2 2016-09-22 CVE-2016-6373

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
50% (1) CWE-20 Improper Input Validation

Snort® IPS/IDS

Date Description
2016-09-22 Cisco Cloud Services Platform dnslookup command injection attempt
RuleID : 40257 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2016-10-13 Name: The remote network virtual services management device is affected by multiple...
File: cisco-sa-20160921-csp2100.nasl - Type: ACT_GATHER_INFO