318 matches found

Tenable Nessus
added 2020/11/20 12:0 a.m. · 34 views

Cisco Integrated Management Controller RCE (cisco-sa-ucs-api-rce-UXwpeDHd)

According to its self-reported version, Cisco Unified Computing System E-Series Software (UCSE) is affected by multiple remote code execution (RCE) vulnerabilities in the API subsystem due to improper boundary checks for certain user-supplied input. An unauthenticated, remote attacker can exploit...

10 CVSS · 9.3 AI score · 0.046 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2020/11/06 12:0 a.m. · 35 views

Cisco Integrated Management Controller Authorization Bypass (cisco-sa-cimc-auth-zWkppJxL)

According to its self-reported version, Cisco Unified Computing System Management Software is affected by an authorization bypass vulnerability due to improper authorization checks on API endpoints. An authenticated, remote attacker can exploit this issue by sending malicious requests to an API...

5.4 CVSS · 5.6 AI score · 0.00606 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2020/09/04 12:0 a.m. · 29 views

Cisco UCS Manager Software Local Management CLI DoS (cisco-sa-ucs-cli-dos-GQUxCnTe)

According to its self-reported version, Cisco Unified Computing System Managed is affected by a DoS vulnerability. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an...

3.3 CVSS · 5.1 AI score · 0.00261 EPSS
Exploits 0 · References 3

NCSC
added 2020/08/27 12:0 a.m. · 3 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. These include several Nexus, MDS 9000 switches, UCS and Firepower models. The vulnerabilities enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure...

9 CVSS · 7.7 AI score · 0.02584 EPSS
Exploits 0

ThreatPost
added 2020/08/26 8:3 p.m. · 15609 views

Cisco Patches 'High-Severity' Bugs Impacting Switches, Fibre Storage

Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet...

9 CVSS · 0.5 AI score · 0.26869 EPSS
Exploits 0 · References 16

Positive Technologies
added 2020/08/26 12:0 a.m. · 3 views

PT-2020-3774 · Cisco · Cisco Ucs 6400 Series Fabric Interconnects +1

Name of the Vulnerable Software and Affected Versions: Cisco UCS 6400 Series Fabric Interconnects (affected versions not specified), Cisco UCS Manager Software (affected versions not specified). Description: The issue is related to the improper handling of CLI command parameters in the local management...

3.3 CVSS · 4 AI score · 0.00261 EPSS
Exploits 0 · References 3

ThreatPost
added 2020/04/16 6:49 p.m. · 422 views

Cisco IP Phone Harbors Critical RCE Flaw

Cisco is warning of a critical flaw in the web server of its IP phones. If exploited, the flaw could allow an unauthenticated, remote attacker to execute code with root privileges or launch a denial-of-service (DoS) attack. Proof-of-concept (PoC) exploit code has been posted on GitHub for the...

10 CVSS · 0.3 AI score · 0.88374 EPSS
Exploits 12 · References 14

Tenable Nessus
added 2020/04/16 12:0 a.m. · 30 views

Cisco Unified Computing System Fabric Interconnect Root Privilege Escalation (cisco-sa-20190828-ucs-privescalation)

According to its self-reported version, Cisco NX-OS Software on Cisco Unified Computing System Fabric Interconnects is affected by a vulnerability in a specific CLI command within the local management (local-mgmt) context due to extraneous subcommand options. An authenticated, local attacker can...

7.8 CVSS · 7.5 AI score · 0.00352 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2020/04/06 12:0 a.m. · 3 views

The vulnerability of the command-line interface of the Cisco Unified Computing System (UCS) Manager and the Cisco FXOS operating system allows a hacker to execute arbitrary code.

The vulnerability of the command-line interface of the Cisco Unified Computing System (UCS) Manager and the Cisco FXOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS · 7.5 AI score · 0.00484 EPSS
Exploits 0 · References 4 · Affected Software 3

BDU FSTEC
added 2020/04/06 12:0 a.m. · 1 views

The vulnerability of the command-line interface of the Cisco Unified Computing System (UCS) Manager and the Cisco FXOS operating system allows a hacker to execute arbitrary code.

The vulnerability of the command-line interface of the Cisco Unified Computing System (UCS) Manager and the Cisco FXOS operating system is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to...

7.8 CVSS · 7.5 AI score · 0.00484 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/09/27 12:0 a.m. · 2 views

The vulnerability of firmware in routers of the UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects, and UCS 6400 Series Fabric Interconnects arises from the use of external subcommands provided for a specific CLI command within the context of local-mgmt. This allows attackers to elevate their privileges to the root level.

The vulnerability of firmware in routers of the UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects, and UCS 6400 Series Fabric Interconnects is related to the use of external subcommands provided for a specific CLI command within the context of local-mgmt...

7.8 CVSS · 5.5 AI score · 0.00352 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2019/09/19 12:0 a.m. · 3 views

The vulnerability affects the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as tools for managing physical infrastructure and virtual environments from Cisco UCS Director and Cisco UCS Director Express for Big Data. This allows attackers to execute arbitrary commands.

The vulnerability of the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as the tools for managing physical infrastructure and virtual environments such as Cisco UCS Director and Cisco UCS Director Express for Big Data, is related to insufficient validation of input...

9 CVSS · 5.9 AI score · 0.39475 EPSS
Exploits 7 · References 6 · Affected Software 3

ThreatPost
added 2019/09/17 3:24 p.m. · 80 views

Cisco Extends Patch for IPv6 DoS Vulnerability

Cisco has extended its patch for a high-severity IPv6 denial-of-service (DoS) vulnerability that was first addressed in 2016. The bug (CVE-2016-1409) is a vulnerability in the IPv6 packet processing functions of multiple Cisco products, which could allow an unauthenticated, remote attacker to cause a...

5 CVSS · 1.3 AI score · 0.03823 EPSS
Exploits 0 · References 7

BDU FSTEC
added 2019/08/30 12:0 a.m. · 1 views

The vulnerability affects the web interface for controlling the Cisco Integrated Management Controller (IMC) Supervisor, as well as tools for managing physical infrastructure and virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data. This allows attackers to gain access to target systems with administrator privileges.

The vulnerability of the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as the tools for managing physical infrastructure and virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data, is related to authentication procedures that have...

10 CVSS · 5.6 AI score · 0.04491 EPSS
Exploits 0 · References 2 · Affected Software 3

BDU FSTEC
added 2019/08/30 12:0 a.m. · 1 views

The vulnerability affects the web interface for managing the Cisco Integrated Management Controller (IMC) Supervisor, as well as tools for managing physical infrastructure and virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data. This allows an attacker to obtain a valid session token with administrator privileges on the target system.

The vulnerability of the Cisco Integrated Management Controller (IMC) Supervisor web interface, as well as the tools for managing physical infrastructure and virtual environments such as Cisco UCS Director and Cisco UCS Director Express for Big Data, is related to authentication procedures that hav...

10 CVSS · 5.6 AI score · 0.75863 EPSS
Exploits 14 · References 2 · Affected Software 3

Vulnrichment
added 2019/08/29 9:45 p.m. · 14 views

CVE-2019-1966 Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

7.8 CVSS · 7.7 AI score · 0.00352 EPSS
Exploits 0 · References 1

CISA
added 2019/08/29 12:0 a.m. · 12 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...

7.3 AI score
Exploits 0 · References 10

Cisco
added 2019/08/28 4:0 p.m. · 66 views

Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

7.8 CVSS · 1.8 AI score · 0.00352 EPSS
Exploits 0 · References 1

CNVD
added 2019/08/26 12:0 a.m. · 2 views

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerabilities

Cisco Integrated Management Controller (IMC) is a set of software from Cisco (USA) for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An authentication bypass...

10 CVSS · 7.4 AI score · 0.04491 EPSS
Exploits 0 · References 1

CNVD
added 2019/08/22 12:0 a.m. · 1 views

Cisco UCS C-Series Servers and UCS S-Series Servers Information Disclosure Vulnerability

Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An...

7.5 CVSS · 6.3 AI score · 0.01997 EPSS
Exploits 0 · References 1