CVE-2013-1182

The CVE-2013-1182 issue affects Cisco UCS: the login page of the UCS Manager Web Console allows remote LDAP authentication bypass via a malformed request in versions prior to 1.0(2h), 1.1 prior to 1.1(1j), and 1.3(x). Root cause is an LDAP authentication bypass in the Web Console login flow. Impa...

CVE-2013-1184

CVE-2013-1184 affects Cisco UCS Manager (XML API management service) in UCS 1.x before 1.2(1b). The Management API can be triggered by a malformed request to cause a denial-of-service (service outage). Affected component: XML API management service in the Manager. Root cause: malformed request ha...

CVE-2013-1181

Cisco NX-OS-based products (Nexus 5500, Nexus 3000, UCS 6200) are affected by CVE-2013-1181. The issue allows remote attackers to trigger a denial-of-service (device reload) by sending a jumbo packet to the management interface. Affected ranges noted as Nexus 5500 4.x/5.x before 5.0(3)N2(2), Nexu...

Cisco Releases Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...

Cisco Unified Computing System Fabric Interconnect SNMP Message Processing Denial of Service Vulnerability

Cisco Unified Computing System contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to errors in processing malicious Simple Network Management Protocol SNMP messages by the affected software. An...

CVE-2012-1339

The Fabric Interconnect component in Cisco Unified Computing System UCS 2.0 allows remote attackers to cause a denial of service process crash via an attempted SSH session, aka Bug ID CSCtt94543...

Cross site request forgery (csrf)

Cisco Unified Computing System UCS 1.4 and 2.0 allows remote authenticated users to cause a denial of service device reload via a malformed SNMP request to a Fabric Interconnect FI device, aka Bug ID CSCts32463...

CVE-2012-1365

Cisco Unified Computing System UCS 1.4 and 2.0 allows remote authenticated users to cause a denial of service device reload via a malformed SNMP request to a Fabric Interconnect FI device, aka Bug ID CSCts32463...

Command injection

Cisco Nexus OS aka NX-OS 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188...

CVE-2011-2569

Cisco Nexus OS aka NX-OS 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188...

CVE-2011-2569

Cisco Nexus OS aka NX-OS 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188...

CVE-2011-2569

Cisco NX-OS (Nexus OS) 4.2 and 5.0 and Cisco UCS software 1.4 and 2.0 are affected by CVE-2011-2569 due to improper sanitization of user input in CLI options, enabling authenticated, local users to escalate privileges via unspecified vectors. Root cause: insufficient restriction of command-line o...