Note:
This project will be discontinued after December 13, 2021.
Product: Unified_computing_system (Cisco)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 103 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-08-21 | CVE-2019-1883 | A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted... | Integrated_management_controller_supervisor, Unified_computing_system | 7.8 | ||
2019-08-21 | CVE-2019-1885 | A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit... | Integrated_management_controller_supervisor, Unified_computing_system | 7.2 | ||
2019-08-21 | CVE-2019-1896 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful... | Integrated_management_controller_supervisor, Unified_computing_system | 7.2 | ||
2019-08-21 | CVE-2019-1900 | A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could... | Integrated_management_controller_supervisor, Unified_computing_system | 7.5 | ||
2019-06-20 | CVE-2019-1628 | A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. An exploit could allow the attacker to cause a buffer overflow, resulting in a process crash and DoS condition... | Integrated_management_controller, Unified_computing_system | 5.5 | ||
2016-01-22 | CVE-2015-6435 | An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | Firepower_extensible_operating_system, Unified_computing_system | 9.8 | ||
2020-09-23 | CVE-2019-1736 | A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot.... | Fmc1000-K9_bios, Fmc1000-K9_firmware, Fmc2500-K9_bios, Fmc2500-K9_firmware, Fmc4500-K9_bios, Fmc4500-K9_firmware, Identity_services_engine, Sns-3515-K9_bios, Sns-3515-K9_firmware, Sns-3595-K9_bios, Sns-3595-K9_firmware, Sns-3615-K9_bios, Sns-3615-K9_firmware, Sns-3655-K9_bios, Sns-3655-K9_firmware, Sns-3695-K9_bios, Sns-3695-K9_firmware, Tg5004-K9-Rf_bios, Tg5004-K9-Rf_firmware, Tg5004-K9_bios, Tg5004-K9_firmware, Unified_computing_system | 6.6 | ||
2019-08-30 | CVE-2019-1966 | A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and... | Nx-Os, Unified_computing_system | 7.8 | ||
2019-08-21 | CVE-2019-1908 | A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. | Integrated_management_controller_supervisor, Unified_computing_system | 7.5 | ||
2019-08-21 | CVE-2019-1907 | A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only... | Integrated_management_controller_supervisor, Unified_computing_system | 8.8 |