Lucene search
+L

43 matches found

NVD
NVD
added 2017/11/30 9:29 a.m.20 views

CVE-2017-12348

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3
CVE
CVE
added 2017/11/30 9:0 a.m.53 views

CVE-2017-12349

Cisco UCS Central Software’s web-based management interface contains multiple vulnerabilities (CVE-2017-12349) that could allow a remote attacker to perform cross-site scripting (XSS) or hijack a valid session ID. The CVE description specifies XSS and session hijacking as potential impacts; Cisco...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/11/30 9:0 a.m.54 views

CVE-2017-12348

Cisco UCS Central Software web-based management interface contains cross-site scripting (XSS) vulnerabilities (CVE-2017-12348) that could allow a remote attacker to execute script in the user’s browser or hijack a session ID. Root cause: inadequate validation of user-submitted input in the web in...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/09/21 5:29 a.m.16 views

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

7.2CVSS6.7AI score0.00425EPSS
Exploits0References3
CVE
CVE
added 2017/09/21 5:0 a.m.58 views

CVE-2017-12255

Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...

7.2CVSS6.7AI score0.00425EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/09/21 5:0 a.m.22 views

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

6.7AI score0.00425EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/08/25 12:0 a.m.43 views

Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE

The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially craft...

9.8CVSS8.7AI score0.0224EPSS
Exploits0References4
Prion
Prion
added 2016/05/21 1:59 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

4.3CVSS6AI score0.01009EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/05/21 1:0 a.m.24 views

CVE-2016-1401

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

6AI score0.01009EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2016/04/15 12:0 a.m.25 views

Cisco UCS Central Software Arbitrary Command Execution Vulnerability

A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced...

9.8CVSS9.9AI score0.0224EPSS
Exploits0References1
CISA
CISA
added 2016/04/13 12:0 a.m.8 views

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco...

6.8AI score
Exploits0References1
CVE
CVE
added 2015/12/05 2:0 a.m.50 views

CVE-2015-6387

The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...

4.3CVSS5.8AI score0.0136EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/07/29 2:59 p.m.15 views

CVE-2015-4286

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

5CVSS6.6AI score0.01729EPSS
Exploits0References2
CVE
CVE
added 2015/07/29 2:0 p.m.44 views

CVE-2015-4286

CVE-2015-4286 affects Cisco UCS Central Software (web framework) 1.3(0.99). A directory traversal vulnerability allows an unauthenticated, remote attacker to read arbitrary files by sending a crafted HTTP request. Root cause cited as improper input validation. Impact is exposure of sensitive info...

5CVSS6.8AI score0.01729EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/07/29 2:0 p.m.30 views

CVE-2015-4286

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

6.6AI score0.01729EPSS
Exploits0References2
NVD
NVD
added 2015/06/17 10:59 a.m.20 views

CVE-2015-4183

Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...

7.2CVSS6.7AI score0.00582EPSS
Exploits0References3
CVE
CVE
added 2015/06/17 10:0 a.m.54 views

CVE-2015-4183

Cisco UCS Central Software 1.2(1a) contains a CLI command-injection vulnerability (CVE-2015-4183) due to insufficient input validation. An authenticated, local attacker could inject arbitrary commands and execute with elevated OS privileges by supplying crafted CLI parameters. Impact includes pot...

7.2CVSS7AI score0.00582EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/06/17 10:0 a.m.30 views

CVE-2015-4183

Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...

6.7AI score0.00582EPSS
Exploits0References3
Cisco
Cisco
added 2015/06/15 6:57 p.m.27 views

Cisco UCS Central Software Command-Line Interface Command Injection Vulnerability

A vulnerability in the command-line interface CLI of Cisco UCS Central Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An...

6.8CVSS6.9AI score0.00582EPSS
Exploits0References1
CISA
CISA
added 2015/05/08 12:0 a.m.9 views

Cisco UCS Central Software Vulnerability

Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to revie...

6.9AI score
Exploits0References1
Rows per page
Query Builder