Cisco Unified Computing System C Integrated Management Controller Security Bypass Vulnerability

Cisco Unified Computing System UCS C server is a Unified Computing System UCS C-series server from Cisco USA.Integrated Management Controller IMC is a set of management tools used in which it supports HTTP, SSH access, and so on, and can perform operations such as powering on, powering off, and...

CVE-2015-4259

The Integrated Management Controller on Cisco Unified Computing System UCS C servers with software 1.53 and 1.60.16 has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug...

CVE-2015-4259

The Integrated Management Controller on Cisco Unified Computing System UCS C servers with software 1.53 and 1.60.16 has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug...

Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller IMC of Cisco Unified Computing System UCS C-Series Servers could allow an unauthenticated, adjacent attacker to access specific controls on the Cisco IMC on an affected device. The vulnerability is due to insufficient input validation...

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

CVE-2014-8003

Cisco Integrated Management Controller in Cisco UCS 2.2(2c)A and earlier is affected by CVE-2014-8003 due to improper input validation in the map-nfs command. This allows an authenticated, local attacker to gain shell-level access to the device. The issue is tied to Bug CSCup05998. Cisco’s adviso...

Cisco Integrated Management Controller Privilege Escalation Vulnerability

Cisco Integrated Management Controller contains a vulnerability that could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the map-nfs command. An attacker could exploit this vulnerability by sendin...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477...

CVE-2014-7996

Cisco UCS Integrated Management Controller CIMC is affected by a CSRF vulnerability (CVE-2014-7996) in its web framework. An unauthenticated, remote attacker can perform a CSRF attack and hijack user sessions. The issue stems from insufficient CSRF protections in CIMC’s web interface. Impact as d...

Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...

Cisco Integrated Management Controller WebUI Detection

Binary data ciscoimcwebuidetect.nbin...

Cisco UCS Integrated Management Controller < 2.3(1) DoS (cisco-sa-20140908-ucse)

According to its self-reported version, the remote device is running a version of Cisco Integrated Management Controller IMC prior to 2.31 running on an E-series blade server. It is, therefore, affected by a flaw allowing a remote attacker to cause a denial of service by sending a specially craft...

Cisco Integrated Management Controller Vulnerability

Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...

Code injection

The SSH module in the Integrated Management Controller IMC before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service IMC hang via a crafted SSH packet, aka Bug ID CSCuo69206...

CVE-2014-3348

CVE-2014-3348 affects Cisco UCS IMC SSH on E-Series blade servers, with the SSH module prior to 2.3(1) vulnerable to remote, unauthenticated DoS (IMC hang) via a crafted SSH packet. Affected product: Cisco Integrated Management Controller (IMC) in UCS E-Series blade servers. Root cause: improper ...

Authentication flaw

Cisco Unified Computing System UCS 1.x before 1.44 and 2.x before 2.02m allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller IMC, aka Bug ID CSCts53746...