43 matches found
CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
CVE-2017-12349
Cisco UCS Central Software’s web-based management interface contains multiple vulnerabilities (CVE-2017-12349) that could allow a remote attacker to perform cross-site scripting (XSS) or hijack a valid session ID. The CVE description specifies XSS and session hijacking as potential impacts; Cisco...
CVE-2017-12348
Cisco UCS Central Software web-based management interface contains cross-site scripting (XSS) vulnerabilities (CVE-2017-12348) that could allow a remote attacker to execute script in the user’s browser or hijack a session ID. Root cause: inadequate validation of user-submitted input in the web in...
CVE-2017-12255
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
CVE-2017-12255
Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...
CVE-2017-12255
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE
The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially craft...
Cross site scripting
Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...
CVE-2016-1401
Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco...
CVE-2015-6387
The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...
CVE-2015-4286
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
CVE-2015-4286
CVE-2015-4286 affects Cisco UCS Central Software (web framework) 1.3(0.99). A directory traversal vulnerability allows an unauthenticated, remote attacker to read arbitrary files by sending a crafted HTTP request. Root cause cited as improper input validation. Impact is exposure of sensitive info...
CVE-2015-4286
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
CVE-2015-4183
Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...
CVE-2015-4183
Cisco UCS Central Software 1.2(1a) contains a CLI command-injection vulnerability (CVE-2015-4183) due to insufficient input validation. An authenticated, local attacker could inject arbitrary commands and execute with elevated OS privileges by supplying crafted CLI parameters. Impact includes pot...
CVE-2015-4183
Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...
Cisco UCS Central Software Command-Line Interface Command Injection Vulnerability
A vulnerability in the command-line interface CLI of Cisco UCS Central Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An...
Cisco UCS Central Software Vulnerability
Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to revie...