Cisco Unified Computing System Platform Emulator Command Injection Vulnerability
A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack. The vulnerability occurs because the affected system improperly handles ucspe-copy command-line arguments. An attacker could exploit this...
Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to trigger a heap-based buffer overflow on a targeted system. The vulnerability occurs because the affected system improperly handles libclimeta.so filename arguments. An attacker...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
Cisco UCS Central Software is a server management and monitoring solution from the US company Cisco for global Cisco UCS (Unified Computing System) resources. A security vulnerability exists in Cisco UCS Central Software version 1.31b and earlier. Due to the program failing to...
Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...
CVE-2015-0718
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V, 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579...
Cisco Unified Computing System Manager Remote Command Execution Vulnerability (cisco-sa-20160120-ucsm)
A vulnerability in a CGI script in the Cisco Unified Computing System UCS Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager.
Cisco Unified Computing System (UCS) Denial of Service Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. A security vulnerability exists in the SSH management interface of the Fabric Interconnect 6200 appliance. A remote attacker could cause a denial...
CVE-2015-6415
Cisco Unified Computing System (UCS) 2.23fA on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.30.1 allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573...
CVE-2015-6387
The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...
Cisco WebEx for Android Security Patch
Cisco has been busy the last two days pushing out a patch and security advisories for a number of its products, including a fix for a remotely exploitable vulnerability in its WebEx Meetings mobile application for Android. Cisco said the vulnerability affects versions prior to 8.5.1 of the app, a...
Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Unified Computing System (5b)A on blade servers information disclosure vulnerability
Cisco Unified Computing System is a platform from the US company Cisco that combines computing, virtualization and networking. An information disclosure vulnerability exists in Cisco Unified Computing System 2.25bA on blade servers. This allows remote attackers to obtain potentially sensitiv...
Cisco Unified Computing System Blade Server Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Unified Computing System (UCS) Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an...
Cisco Unified Computing System Director Arbitrary File Write Vulnerability
The Cisco Unified Computing System simplifies IT management and improves agility by integrating unified computing, networking, storage access and virtualization into a single system. A security vulnerability in the Cisco Unified Computing System Director JSP file allows remote attackers to exploi...
CVE-2015-4259
Cisco UCS C-Series Servers IMC exposes a default SSL certificate, enabling MITM attacks by an attacker with knowledge of the private key. Affected product: Integrated Management Controller on UCS C servers running 1.5(3) or 1.6(0.16). Root cause: use of a default certificate that bypasses cryptog...
Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability
A vulnerability in the Cisco Integrated Management Controller of the Cisco Unified Computing System (UCS) C-Series Servers could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL...
Cisco Unified Computing System Integrated Management Controller XSRF (CSCuq45477)
A vulnerability in the web framework of the Cisco Unified Computing System Integrated Management Controller can allow an unauthenticated, remote attacker to perform a cross-site request forgery attack.
CVE-2015-0633
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.47h and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876...
Cisco Unified Computing System C-Series DHCP Message Handling Denial of Service Vulnerability
The Cisco Unified Computing System simplifies IT management and improves agility by integrating unified computing, networking, storage access and virtualization into a single system. The centralized management controller of the Cisco Unified Computing System Standalone failed to properly validate...