CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

According to its self-reported version, Cisco UCS Central Software Configuration Backup Information Disclosure is affected by a vulnerability. - A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information...

6.3CVSS5.6AI score0.00089EPSS

Exploits0References4

CVE•added 2024/10/16 4:15 p.m.•38 views

CVE-2024-20280

CVE-2024-20280 affects Cisco UCS Central Software backup feature. The root cause is a weakness in the encryption method using a static key for backup configuration, allowing an attacker with access to a backup file to learn sensitive information stored in full state and configuration backups. Aff...

6.3CVSS6.2AI score0.00089EPSS

Exploits0References1Affected Software1

Cisco•added 2024/10/16 4:0 p.m.•10 views

Cisco UCS Central Software Configuration Backup Information Disclosure Vulnerability

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

6.3CVSS6.2AI score0.00089EPSS

Exploits0References1

Prion•added 2021/02/04 5:15 p.m.•16 views

Input validation

A vulnerability in the certificate registration process of Cisco Unified Computing System UCS Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager UCSM. This vulnerability is due to improper certificate validation. An attacker...

2.7CVSS4.2AI score0.00024EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2018/03/06 12:0 a.m.•26 views

Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE

The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...

8.8CVSS8.2AI score0.01108EPSS

Exploits0References4

Prion•added 2018/01/18 6:29 a.m.•11 views

Design/Logic Flaw

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...

5CVSS7.4AI score0.01409EPSS

Exploits0References3Affected Software1

OSV•added 2018/01/18 6:29 a.m.•0 views

CVE-2018-0094

7.5CVSS5.8AI score

Exploits0References3

NVD•added 2018/01/18 6:29 a.m.•10 views

CVE-2018-0094

7.5CVSS7.5AI score0.01409EPSS

Exploits0References3

Cvelist•added 2018/01/18 6:0 a.m.•17 views

CVE-2018-0094

7.5AI score0.01409EPSS

Exploits0References3

CVE•added 2018/01/18 6:0 a.m.•52 views

CVE-2018-0094

CVE-2018-0094 affects Cisco UCS Central Software. The issue arises in IPv6 ingress packet processing due to insufficient rate limiting for IPv6 traffic, enabling an unauthenticated, remote attacker to trigger a denial of service via high CPU utilization. Connected documents confirm the vulnerabil...

7.5CVSS7.4AI score0.01409EPSS

Exploits0References3Affected Software1

OSV•added 2017/11/30 9:29 a.m.•1 views

CVE-2017-12348

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

5.4CVSS5.7AI score

Exploits0References3

NVD•added 2017/11/30 9:29 a.m.•11 views

CVE-2017-12348

5.4CVSS5.3AI score0.00235EPSS

Exploits0References3

NVD•added 2017/11/30 9:29 a.m.•11 views

CVE-2017-12349

5.4CVSS5.3AI score0.00235EPSS

Exploits0References3

Rows per page