292 matches found
CVE-2012-4087
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System UCS allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793...
CVE-2012-4089
MCTOOLS in the fabric interconnect in Cisco Unified Computing System UCS allows local users to execute arbitrary Baseboard Management Controller BMC commands by leveraging 1 local, 2 shell-level, or 3 debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239...
CVE-2012-4073
The KVM subsystem in the client in Cisco Unified Computing System UCS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332...
CVE-2012-4093
The Manager component in Cisco Unified Computing System UCS allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186...
Cisco Unified Computing System Fabric Interconnect String Overflow Vulnerability
A vulnerability in the administrative web interface of the Cisco Unified Computing System could allow an authenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Cisco Management Controller Command Injection Vulnerability
A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands on the underlying operation system with elevated privileges. The vulnerability is due to improper parameter input validation. An attacker could...
Cisco Unified Computing System Software KVM Encryption Vulnerability
A vulnerability in Cisco Unified Computing System software KVM could allow an unauthenticated, remote attacker to intercept a KVM connection to spoof a host or decrypt keyboard and mouse events on an encrypted channel. The vulnerability is due to a hard coded SSL certificate. An attacker could...
Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability
A vulnerability in Cisco Unified Computing System software KVM client could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to improper certificate validation by the KVM client. An attacker could exploit this vulnerability by intercepting ...
Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability
A vulnerability in the Cisco Unified Computing System Serial over LAN SoL implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle MITM attack. The vulnerability occurs because the Board Management Controller BMC uses a hard-coded private key. An attacker coul...
Cisco Unified Computing System Smart Call Home Input Validation Vulnerability
A vulnerability in Cisco Unified Computing System UCS Manager could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...
Default Password (cliuser) for 'cliuser' Account
The account 'cliuser' on the remote host has the password 'cliuser'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Cisco Unified Computing System Platform Emulator is known to use these credentials to provide administrative access to the CLI...
Multiple Vulnerabilities in Cisco Unified Computing System (cisco-sa-20130424-ucsmulti)
Managed and standalone Cisco Unified Computing System UCS deployments contain one or more of the following vulnerabilities : - Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability CVE-2013-1182 - Cisco Unified Computing System IPMI Buffer Overflow Vulnerability CVE-2013-11...
Cisco Unified Computing System (UCS) Manager Version
Cisco Unified Computing System UCS Manager software is listening on remote Cisco device. It allows for the management of Cisco UCS hardware and software components. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69919; scriptversion"1.8";...
Cisco Unified Computing System multiple security vulnerabilities
Buffer overflow, information leakage, authentication bypass, DoS...
Cisco Unified Computing System Central Software DOM-Based Cross-Site Scripting Vulnerability
Cisco Unified Computing System Central Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists because the affected software fails to perform sufficient validation and sanitation of user-supplied inpu...
CVE-2013-1178
Multiple buffer overflows in the Cisco Discovery Protocol CDP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.24 and 6.x before 6.11, Nexus 5000 and 5500 devices 4.x and 5.x before 5.13N11, Nexus 4000 devices before 4.12E11h, Nexus 3000 devices 5.x before 5.03U31, Nexus...
Buffer overflow
Multiple buffer overflows in the Cisco Discovery Protocol CDP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.24 and 6.x before 6.11, Nexus 5000 and 5500 devices 4.x and 5.x before 5.13N11, Nexus 4000 devices before 4.12E11h, Nexus 3000 devices 5.x before 5.03U31, Nexus...
Design/Logic Flaw
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.03N22, Nexus 3000 devices 5.x before 5.03U32, and Unified Computing System UCS 6200 devices before 2.01w allows remote attackers to cause a denial of service device reload by sending a jumbo packet to the management interface, aka Bug IDs...
CVE-2013-1181
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.03N22, Nexus 3000 devices 5.x before 5.03U32, and Unified Computing System UCS 6200 devices before 2.01w allows remote attackers to cause a denial of service device reload by sending a jumbo packet to the management interface, aka Bug IDs...
CVE-2013-1186
CVE-2013-1186 concerns Cisco UCS: versions 1.x before 1.4(4) and 2.x before 2.0(2m) are affected by a KVM authentication bypass via a crafted IMC authentication request. The issue is part of a Cisco UCS multi-vulnerability set; other CVEs (1182–1185) accompany it. Affected component is the Cisco ...