Lucene search
K

99 matches found

Prion
Prion
added 2016/04/14 1:59 a.m.21 views

Input validation

Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...

7.5CVSS8.1AI score0.0224EPSS
Exploits0References2Affected Software1
CISA
CISA
added 2016/04/13 12:0 a.m.7 views

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco...

6.8AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/03/17 12:0 a.m.18 views

Cisco UCS Central Software Server Side Request Forgery Security Bypass / Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Computing System UCS Central software could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery SSRF or cross-site scripting XSS on a targeted system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...

5CVSS6AI score0.02049EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2016/03/17 12:0 a.m.11 views

Cisco UCS Central Detectioni (HTTP)

This Script performs HTTP based detection of Cisco UCS Central SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2016/03/17 12:0 a.m.19 views

Cisco UCS Central Version Detection

This Script consolidate the via SSH or HTTPs detected version of Cisco UCS Central for later use. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2016/03/17 12:0 a.m.12 views

Cisco UCS Central Detection (SSH)

'This script performs SSH based version detection of Cisco UCS Central SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/02/12 12:0 a.m.9 views

The vulnerability of the centralized device management system of Cisco Unified Computing System Central and the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary commands.

The vulnerability of the CGI script of the Cisco Unified Computing System Central device management system and the Cisco Firepower Extensible Operating System exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...

10CVSS8.2AI score0.08684EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2015/12/09 12:0 a.m.2 views

Cisco UCS Central Software Cross-Site Scripting Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System UCS Central does not properly validate user input, and an unauthenticated remote attacker induces a user to click ...

4.3CVSS6.5AI score0.0136EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/09 12:0 a.m.3 views

Cisco UCS Central Software Server-Side Request Forgery Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System UCS Central does not properly validate user input, and an unauthenticated, remote attacker sends constructed...

5CVSS7.1AI score0.02049EPSS
Exploits0References1
Prion
Prion
added 2015/12/05 3:59 a.m.19 views

Server side request forgery (ssrf)

Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...

5CVSS7.1AI score0.02049EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/12/05 2:0 a.m.48 views

CVE-2015-6387

The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...

4.3CVSS5.8AI score0.0136EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/12/05 2:0 a.m.19 views

CVE-2015-6388

Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...

6.6AI score0.02049EPSS
Exploits0References3
CNVD
CNVD
added 2015/07/30 12:0 a.m.5 views

Cisco UCS Central Software Directory Traversal Vulnerability

Cisco UCS Central Software is the United States of America Cisco Cisco, a combination of computing, virtualization and networking in one software platform. A directory traversal vulnerability in Cisco UCS Central Software allows remote attackers to read arbitrary files via a crafted HTTP request...

5CVSS6.9AI score0.01729EPSS
Exploits0References1
NVD
NVD
added 2015/07/29 2:59 p.m.15 views

CVE-2015-4286

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

5CVSS6.6AI score0.01729EPSS
Exploits0References2
Prion
Prion
added 2015/07/29 2:59 p.m.17 views

Command injection

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

5CVSS7.1AI score0.01729EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/07/29 2:0 p.m.28 views

CVE-2015-4286

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

6.6AI score0.01729EPSS
Exploits0References2
CVE
CVE
added 2015/07/29 2:0 p.m.43 views

CVE-2015-4286

CVE-2015-4286 affects Cisco UCS Central Software (web framework) 1.3(0.99). A directory traversal vulnerability allows an unauthenticated, remote attacker to read arbitrary files by sending a crafted HTTP request. Root cause cited as improper input validation. Impact is exposure of sensitive info...

5CVSS6.8AI score0.01729EPSS
Exploits0References2Affected Software1
Cisco
Cisco
added 2015/07/28 8:43 p.m.22 views

Cisco UCS Central Software File Access Vulnerability

A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

5CVSS6.4AI score0.01729EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/06/30 12:0 a.m.7 views

The vulnerability of the Cisco UCS Central device’s centralized management system allows a hacker to execute arbitrary code.

The vulnerability of the web-component of the Cisco UCS Central device management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted HTTP request from a remote location...

10CVSS5.9AI score0.04514EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2015/06/30 12:0 a.m.6 views

The vulnerability of the Cisco UCS Central device’s centralized management system allows a perpetrator to gain privileges necessary to execute operating system commands.

The vulnerability of the Cisco UCS Central device management system exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain privileges necessary to execute...

7.2CVSS5.7AI score0.00582EPSS
Exploits0References2
Rows per page
Query Builder