CVE-2012-4103

ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686...

Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability

A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...

Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability

A vulnerability in the run-script command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...

Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerability

A vulnerability in the image download process of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to overwrite arbitrary files on the filesystem. The vulnerability occurs because the storage location is defined in the image header. An attacker...

Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability

A vulnerability in the Baseboard Management Controller BMC local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...

Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability

A vulnerability in the local file editor of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to access arbitrary files on the userland filesystem with root privileges. The vulnerability is due to improper input filtering . An attacker could explo...

CVE-2012-4096

The CVE-2012-4096 issue affects Cisco UCS BMC local file editor. Affected product: Cisco Unified Computing System BMC. Description in Cisco advisory and Red Hat/NVD entries confirms that an authenticated, local attacker can modify arbitrary files on the fabric interconnect by abusing the local fi...

CVE-2012-1313

The CVE-2012-1313 entry concerns Cisco UCS PALO adapter cards where the remote debug shell accepts malformed show-macstats parameters, enabling an authenticated, local attacker to gain elevated privileges (potential root access) on the underlying OS. The issue arises from improper handling of cer...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the public XML API service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to improper input validation in the XML API service. An attacker could exploit...

Cisco Unified Computing System Fabric Interconnect Remote Access Vulnerability

A vulnerability in the high availability service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to gain access to sensitive information and prevent the cluster service from syncing with its peers. The vulnerability is due to improper binding ...

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

Cisco Unified Computing System Arbitrary Command Execution Vulnerability

A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...

CVE-2012-4079

The XML API service in the Fabric Interconnect component in Cisco Unified Computing System UCS allows remote attackers to cause a denial of service API service outage via a malformed XML document in a packet, aka Bug ID CSCtg48206...

CVE-2012-4088

Cisco UCS FTP server vulnerability (CVE-2012-4088) arises from an undocumented hard-coded password for an unspecified user account. An unauthenticated, adjacent attacker could read or modify files by exploiting this credential. Cisco’s advisory (CISCO-SA-20130927-CVE-2012-4088) confirms the issue...

CVE-2012-4086

A setup script for fabric interconnect devices in Cisco Unified Computing System UCS allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790...

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect FI devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in Smart Call Home functionality in the fabric interconnect FI of Cisco Unified Computing System could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to a buffer overflow in the Smart Call Home function. An attacker...

Cisco Unified Computing System Baseboard Management Controller Privilege Escalation Vulnerability

A vulnerability in the Baseboard Management Controller BMC of Cisco Unified Computing System could allow an authenticated, remote attacker to access services with elevated privileges. The vulnerability is due to improper filtering of SSH escape sequences. An attacker could exploit this...

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the initial configuration...

Cisco Unified Computing System Baseboard Management Controller Arbitrary Command Execution Vulnerability

A vulnerability in the fabric interconnect FI of Cisco Unified Computing System could allow an authenticated, local attacker to execute arbitrary commands on the Baseboard Management Controller BMC with elevated privileges. The vulnerability is due to improper input validation in the MCTOOLS...