Unified Computing System Security Vulnerabilities
The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID...
7.1AI Score
0.0004EPSS
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID...
6.8AI Score
0.0004EPSS
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID...
7AI Score
0.0004EPSS
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID...
6.8AI Score
0.002EPSS
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID...
6.6AI Score
0.001EPSS
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID...
6.9AI Score
0.002EPSS
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID...
7.9AI Score
0.004EPSS
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID...
7.3AI Score
0.0004EPSS
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID...
7.9AI Score
0.004EPSS
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID...
6.9AI Score
0.002EPSS
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID...
6.7AI Score
0.003EPSS
Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID...
7.2AI Score
0.004EPSS
MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID...
6.4AI Score
0.0004EPSS
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID...
6.7AI Score
0.0004EPSS
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID....
6AI Score
0.001EPSS
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID...
6.4AI Score
0.001EPSS
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID...
6.3AI Score
0.0004EPSS
The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID...
6.5AI Score
0.001EPSS
Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID...
7AI Score
0.002EPSS
The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID...
6.9AI Score
0.001EPSS
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and...
6.7AI Score
0.0004EPSS