Cisco Patches 'High-Severity' Bugs Impacting Switches, Fibre Storage
Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet...
PT-2020-3774 · Cisco · Cisco Ucs 6400 Series Fabric Interconnects +1
Name of the Vulnerable Software and Affected Versions: Cisco UCS 6400 Series Fabric Interconnects (affected versions not specified); Cisco UCS Manager Software (affected versions not specified). Description: The issue is related to the improper handling of CLI command parameters in the local management...
Cisco IP Phone Harbors Critical RCE Flaw
Cisco is warning of a critical flaw in the web server of its IP phones. If exploited, the flaw could allow an unauthenticated, remote attacker to execute code with root privileges or launch a denial-of-service (DoS) attack. Proof-of-concept (PoC) exploit code has been posted on GitHub for the...
Cisco Unified Computing System Fabric Interconnect Root Privilege Escalation (cisco-sa-20190828-ucs-privescalation)
According to its self-reported version, Cisco NX-OS Software on Cisco Unified Computing System Fabric Interconnects is affected by a vulnerability in a specific CLI command within the local management (local-mgmt) context due to extraneous subcommand options. An authenticated, local attacker can...
The vulnerability of the command-line interface of the Cisco Unified Computing System (UCS) Manager and the Cisco FXOS operating system allows a hacker to execute arbitrary code.
The vulnerability of the command-line interface of the Cisco Unified Computing System (UCS) Manager and the Cisco FXOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the firmware in routers of the UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects, and UCS 6400 Series Fabric Interconnects arises from the use of external subcommands provided for a specific CLI command within the context of local-mgmt. This allows attackers to elevate their privileges to the root level.
The vulnerability of the firmware in routers of the UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects, and UCS 6400 Series Fabric Interconnects is related to the use of external subcommands provided for a specific CLI command within the context of local-mgmt...
The vulnerability affects the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as tools for managing physical infrastructure and virtual environments from Cisco UCS Director and Cisco UCS Director Express for Big Data. This allows attackers to execute arbitrary commands.
The vulnerability of the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as the tools for managing physical infrastructure and virtual environments such as Cisco UCS Director and Cisco UCS Director Express for Big Data, is related to insufficient validation of input...
Cisco Extends Patch for IPv6 DoS Vulnerability
Cisco has extended its patch for a high-severity IPv6 denial-of-service (DoS) vulnerability that was first addressed in 2016. The bug (CVE-2016-1409) is a vulnerability in the IPv6 packet processing functions of multiple Cisco products, which could allow an unauthenticated, remote attacker to cause a...
The vulnerability affects the web interface for controlling the Cisco Integrated Management Controller (IMC) Supervisor, as well as tools for managing physical infrastructure and virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data. This allows attackers to gain access to target systems with administrator privileges.
The vulnerability of the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as the tools for managing physical infrastructure and virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data, is related to authentication procedures that have...
CVE-2019-1966 Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...
Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerabilities
Cisco Integrated Management Controller (IMC) is a set of software from Cisco (USA) for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An authentication bypass...
Cisco Integrated Management Controller Operating System Command Injection Vulnerability (CNVD-2019-28403)
Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. There is a...
CVE-2019-12634 Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a...
Cisco Patches Six Critical Bugs in UCS Gear and Switches
Cisco Systems is warning of six critical vulnerabilities impacting a wide range of its products, including its Unified Computing System server line and its small business 220 Series Smart switches. In all instances of the vulnerabilities, a remote unauthenticated attacker could take over targeted...
Cisco Unified Computing System BIOS Signature Bypass Vulnerability
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An...
The vulnerability of the command-line interface of Cisco UCS Blade Series B software allows a hacker to write arbitrary files.
The vulnerability of the command-line interface of Cisco UCS Blade series B firmware is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to write arbitrary files by modifying the command-line interface parameters...
CVE-2019-1725
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1616
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An...