Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unified_computing_system
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-11-30 | CVE-2017-12331 | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit.... | Nx\-Os, Unified_computing_system | 6.7 | ||
| 2016-09-18 | CVE-2016-6402 | UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. | Unified_computing_system | 7.8 | ||
| 2015-12-12 | CVE-2015-6415 | Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. | Unified_computing_system | N/A | ||
| 2015-11-04 | CVE-2015-6355 | The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. | Unified_computing_system | N/A | ||
| 2015-07-20 | CVE-2015-4279 | The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | Unified_computing_system | N/A | ||
| 2015-07-10 | CVE-2015-4259 | The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. | Unified_computing_system | N/A | ||
| 2015-06-17 | CVE-2015-4183 | Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | Unified_computing_system | N/A | ||
| 2016-03-03 | CVE-2015-0718 | Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. | Nx\-Os, Nx\-Os_1000v_switch, Unified_computing_system | 7.5 | ||
| 2015-02-26 | CVE-2015-0633 | The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. | Unified_computing_system | N/A | ||
| 2015-02-03 | CVE-2015-0599 | The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | Unified_computing_system | N/A |