297 matches found
CVE-2020-26062
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication...
CVE-2020-26062 Cisco Integrated Management Controller Username Enumeration Vulnerability
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication...
CVE-2020-26062 Cisco Integrated Management Controller Username Enumeration Vulnerability
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication...
CVE-2020-26063 Cisco Integrated Management Controller Software Authorization Bypass Vulnerability
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attack...
Cisco Integrated Management Controller Command Injection Vulnerability
Cisco Integrated Management Controller is the United States Cisco Cisco company's set of software for the management of UCS Unified Computing System. A command injection vulnerability exists in Cisco Integrated Management Controller. The vulnerability allows an authenticated attacker to perform a...
CVE-2024-20295
A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or high...
CVE-2024-20295
CVE-2024-20295 describes a command-injection vulnerability in the Cisco Integrated Management Controller (IMC) CLI. The issue stems from insufficient validation of user-supplied input, allowing an authenticated, local attacker with read-only or higher privileges to submit crafted CLI commands and...
CVE-2024-20295
A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or high...
CVE-2024-20295
A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or high...
CVE-2024-20356
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability...
Cisco Integrated Management Controller 操作系统命令注入漏洞
Cisco Integrated Management Controller is the United States Cisco Cisco company's set of software for the management of UCS Unified Computing System. A command injection vulnerability exists in Cisco Integrated Management Controller. The vulnerability allows an authenticated attacker to perform a...
Cisco Integrated Management Controller 操作系统命令注入漏洞
Cisco Integrated Management Controller IMC is a set of software from Cisco USA used to manage UCS Unified Computing System. The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off, and rebooting the server. The Cisco Integrated Management...
Cisco Releases Security Advisories for Cisco Integrated Management Controller
Cisco has released security advisories for vulnerabilities in the Cisco integrated management controller. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisories and...
Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability...
Cisco Integrated Management Controller CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or high...
PT-2024-3106 · Cisco · Cisco Integrated Management Controller
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC exists due to insufficient user input validation,...
PT-2024-2892 · Cisco · Cisco Integrated Management Controller
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC affected versions not specified Description: A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection...
CVE-2023-20228
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
CVE-2023-20228
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
Cisco Integrated Management Controller GUI DoS (cisco-sa-imc-gui-dos-TZjrFyZh)
According to its self-reported version, Cisco Integrated Management Controller is affected by a denial of service DoS vulnerability in its web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by sending...