292 matches found
CVE-2015-6387
The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...
Cisco WebEx for Android Security Patch
Cisco has been busy the last two days pushing out a patch and security advisories for a number of its products, including a fix for a remotely exploitable vulnerability in its WebEx Meetings mobile application for Android. Cisco said the vulnerability affects versions prior to 8.5.1 of the app, a...
Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Unified Computing System (5b)A on blade servers information disclosure vulnerability
Cisco Unified Computing System is a platform from the U.S. company Cisco that combines computing, virtualization and networking. An information disclosure vulnerability exists in Cisco Unified Computing System 2.25bA on blade servers. This allows remote attackers to obtain potentially sensitiv...
Cisco Unified Computing System Blade Server Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Unified Computing System (UCS) Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an...
Cisco Unified Computing System Director Arbitrary File Write Vulnerability
The Cisco Unified Computing System simplifies IT management and improves agility by integrating unified computing, networking, storage access and virtualization into a single system. A security vulnerability in the Cisco Unified Computing System Director JSP file allows remote attackers to exploi...
CVE-2015-4259
Cisco UCS C-Series Servers IMC exposes a default SSL certificate, enabling MITM attacks by an attacker with knowledge of the private key. Affected product: Integrated Management Controller on UCS C servers running 1.5(3) or 1.6(0.16). Root cause: use of a default certificate that bypasses cryptog...
Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability
A vulnerability in the Cisco Integrated Management Controller of the Cisco Unified Computing System (UCS) C-Series Servers could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL...
Cisco Unified Computing System Integrated Management Controller XSRF (CSCuq45477)
A vulnerability in the web framework of the Cisco Unified Computing System Integrated Management Controller can allow an unauthenticated, remote attacker to perform a cross-site request forgery attack...
CVE-2015-0633
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.47h and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876...
Cisco Unified Computing System C-Series DHCP Message Handling Denial of Service Vulnerability
The Cisco Unified Computing System simplifies IT management and improves agility by integrating unified computing, networking, storage access and virtualization into a single system. The centralized management controller of the Cisco Unified Computing System Standalone failed to properly validate...
Cisco Unified Computing System on C-Series Rack Servers Cross-Frame Scripting Vulnerability
The Cisco Unified Computing System is an all-in-one platform for computing, virtualization, and networking. A cross-frame scripting vulnerability in Cisco Unified Computing System on C-Series Rack Servers allows attackers to conduct a hijacking attack via a crafted website...
CVE-2015-0599
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...
CVE-2014-8003
Cisco Integrated Management Controller in Cisco Unified Computing System 2.22cA and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998...
Command injection
Cisco Integrated Management Controller in Cisco Unified Computing System 2.22cA and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998...
CVE-2014-8009
CVE-2014-8009 affects Cisco Unified Computing System Manager (UCSM) up to version 2.1(3f). The issue is an information-disclosure vulnerability where remote, unauthenticated attackers can read log files to obtain sensitive system information. Exploitation details are not provided in the cited doc...
CVE-2014-8003
Cisco Integrated Management Controller in Cisco UCS 2.2(2c)A and earlier is affected by CVE-2014-8003 due to improper input validation in the map-nfs command. This allows an authenticated, local attacker to gain shell-level access to the device. The issue is tied to Bug CSCup05998. Cisco’s adviso...
Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Manager Information Disclosure Vulnerability
A vulnerability in the system logs of the Cisco Unified Computing System Manager could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477...