Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and appl...
Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco Unified Computing System (UCS) Manager and UCS 6200 Series Fabric Interconnects could allow an authenticated, local attacker to access the underlying operating system with the privileges of the root user. The vulnerability is due to...
Cisco Unified Computing System Performance Manager Input Validation Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of hardware and software components within a computing system. Cisco Unified Computing System (UCS) Performance Manager does not validate the parameter values of HTTP GET requests, which can be exploited to perform...
Cisco Unified Computing System Performance Manager Input Validation Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its Unified Computing System (UCS) Performance Manager. Exploitation of this vulnerability could allow an authenticated remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cis...
Cisco Unified Computing System Platform Emulator Command Injection/Buffer Overflow Vulnerability (cisco-sa-20160414-ucspe1, cisco-sa-20160414-ucspe2)
Cisco Unified Computing System Platform Emulator is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
The vulnerability of Cisco Nexus 7000 software allows a malicious actor to trigger buffer overflows.
The buffer overflow in the implementation of the Smart Call Home function in Cisco NX-OS for Cisco Unified Computing System (UCS) switches and Nexus devices, as well as in Cisco CG-OS for Cisco Connected Grid series 1000 routers, allows remote SMTP servers to execute arbitrary code using specially...
Cisco UCS Platform Emulator < 3.1(1ePE1) Multiple Vulnerabilities
According to its self-reported version number, the Cisco Unified Computing System (UCS) Platform Emulator running on the remote host is prior to 3.1(1ePE1). It is, therefore, affected by the following vulnerabilities: - A command injection vulnerability exists due to improper validation of...
CVE-2016-1401
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...
Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
Cisco Unified Computing System (UCS) Central is a suite of software from Cisco that manages the Cisco UCS server domain. The software provides policy-based automation of servers to improve IT efficiency, a centralized fault overview for rapid problem solving, and other features. A cross-site scripti...
CVE-2016-1340
Cisco UCS Platform Emulator (UCSPE) versions 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 are affected by a heap-based buffer overflow when handling libclimeta.so filename arguments. Root cause: improper validation of the libclimeta.so filename, enabling local privilege escalation. Impact: local users can...
Cisco Unified Computing System Platform Emulator Command Injection Vulnerability
A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack. The vulnerability occurs because the affected system improperly handles ucspe-copy command-line arguments. An attacker could exploit this...
Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to trigger a heap-based buffer overflow on a targeted system. The vulnerability occurs because the affected system improperly handles libclimeta.so filename arguments. An attacker...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
Cisco UCS Central Software is Cisco's solution for managing and monitoring global Cisco UCS (Unified Computing System) server resources. A security vulnerability exists in Cisco UCS Central Software version 1.31b and earlier. Due to the program failing to...
Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...
CVE-2015-0718
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V, 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579...
Cisco Unified Computing System Manager Remote Command Execution Vulnerability (cisco-sa-20160120-ucsm)
A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager.
Cisco Unified Computing System (UCS) Denial of Service Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. A security vulnerability exists in the SSH management interface of the Fabric Interconnect 6200 appliance. A remote attacker could cause a denial...
CVE-2015-6415
Cisco Unified Computing System (UCS) 2.23fA on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.30.1 allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573...