CVE-2014-7996

Cisco UCS Integrated Management Controller CIMC is affected by a CSRF vulnerability (CVE-2014-7996) in its web framework. An unauthenticated, remote attacker can perform a CSRF attack and hijack user sessions. The issue stems from insufficient CSRF protections in CIMC’s web interface. Impact as d...

Command injection

Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted 1 ping6 or 2 traceroute6 command, aka Bug ID CSCuq38176...

CVE-2014-7989

CVE-2014-7989 affects Cisco Unified Computing System B-Series Blade Servers. It arises from improper input validation in the ping6 and traceroute6 commands, allowing an authenticated local attacker to escalate to shell-level access—potentially via local-mgmt context. Cisco released a security not...

Cisco Integrated Management Controller Vulnerability

Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...

Code injection

The SSH module in the Integrated Management Controller IMC before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service IMC hang via a crafted SSH packet, aka Bug ID CSCuo69206...

CVE-2014-3348

CVE-2014-3348 affects Cisco UCS IMC SSH on E-Series blade servers, with the SSH module prior to 2.3(1) vulnerable to remote, unauthenticated DoS (IMC hang) via a crafted SSH packet. Affected product: Cisco Integrated Management Controller (IMC) in UCS E-Series blade servers. Root cause: improper ...

Cisco Unified Computing System E DoS

SSH DoS in built in management controller...

Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...

CVE-2014-3261

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...

Buffer overflow

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...

CVE-2014-3261

CVE-2014-3261 details a buffer overflow in Cisco NX-OS Smart Call Home, exploitable via crafted SMTP replies to remote SMTP servers. Affected platforms include Cisco UCS NX-OS on Fabric Interconnects, Nexus 3000/4000/5000/7000, and CGOS CG4 (with specific version ranges provided in the Cisco and ...

CVE-2014-3261

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...

Command injection

Cisco Unified Computing System UCS Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128...

Cisco Unified Computing System 'copy'命令本地特权提升漏洞

Bugtraq ID:65638 CVE ID:CVE-2014-0730 Cisco Unified Computing System通过将统一计算、网络、存储访问和虚拟化整合到一个系统中,简化IT管理并提高灵活性。 Cisco Unified Computing System local-mgmt上下文存在安全漏洞，允许本地通过验证的攻击者提升权限。漏洞是由于不正确校验copy命令的输入，允许攻击者提交特殊命令来获得对shell的访问。 0 Cisco Unified Computing System Central Software 厂商补丁： Cisco -----...

Cisco Unified Computing System Director默认验证凭据安全绕过漏洞

Bugtraq ID:65666 CVE ID:CVE-2014-0709 Cisco Unified Computing System通过将统一计算、网络、存储访问和虚拟化整合到一个系统中,简化IT管理并提高灵活性。 Cisco Unified Computing System Director存在安全漏洞，允许远程攻击者利用漏洞完全控制设备。漏洞是由于安装过程中创建了默认的root用户账户，允许攻击者利用该账户远程访问服务器CLI，控制设备。 0 Cisco UCS Director 4.0.0.3 厂商补丁： Cisco ----- Cisco UCS Director...

Cisco Unified Computing System Central Software Privilege Escalation Vulnerability

A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...

Cisco UCS Director Default Credentials Vulnerability

A vulnerability in Cisco Unified Computing System UCS Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by...

Cisco Unified Computing System Smart Call Home Input Validation Vulnerability (CSCtl00186)

A vulnerability in Cisco Unified Computing System UCS Manager could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...

Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability (CSCtg20734)

A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...

Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability (CSCte90338)

A vulnerability in the Cisco Unified Computing System Serial over LAN SoL implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle MITM attack. The vulnerability occurs because the Board Management Controller BMC uses a hard-coded private key. An attacker coul...