Lucene search
K

69 matches found

Cvelist
Cvelist
added 2021/02/04 4:40 p.m.25 views

CVE-2021-1354 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability

A vulnerability in the certificate registration process of Cisco Unified Computing System UCS Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager UCSM. This vulnerability is due to improper certificate validation. An attacker...

4.3CVSS5AI score0.00416EPSS
Exploits0References1
Cisco
Cisco
added 2021/02/03 4:0 p.m.62 views

Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability

A vulnerability in the certificate registration process of Cisco Unified Computing System UCS Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager UCSM. This vulnerability is due to improper certificate validation. An attacker...

4.3CVSS1.9AI score0.00416EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/03/06 12:0 a.m.27 views

Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE

The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...

8.8CVSS8.2AI score0.02269EPSS
Exploits0References4
Prion
Prion
added 2018/01/18 6:29 a.m.15 views

Design/Logic Flaw

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...

5CVSS7.4AI score0.02297EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/01/18 6:29 a.m.19 views

CVE-2018-0094

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...

7.5CVSS7.5AI score0.02297EPSS
Exploits0References3
OSV
OSV
added 2018/01/18 6:29 a.m.2 views

CVE-2018-0094

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...

7.5CVSS5.8AI score0.02297EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/01/18 6:0 a.m.28 views

CVE-2018-0094

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...

7.5AI score0.02297EPSS
Exploits0References3
CVE
CVE
added 2018/01/18 6:0 a.m.59 views

CVE-2018-0094

CVE-2018-0094 affects Cisco UCS Central Software. The issue arises in IPv6 ingress packet processing due to insufficient rate limiting for IPv6 traffic, enabling an unauthenticated, remote attacker to trigger a denial of service via high CPU utilization. Connected documents confirm the vulnerabil...

7.5CVSS7.4AI score0.02297EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/12/04 12:0 a.m.6 views

Cisco UCS Central Software Session Fixation Vulnerability

Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A session fixation vulnerability exists in the web-based management interface in Cisco UCS Central Software. A remote...

5.4CVSS6.9AI score0.00891EPSS
Exploits0References1
NVD
NVD
added 2017/11/30 9:29 a.m.15 views

CVE-2017-12349

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3
NVD
NVD
added 2017/11/30 9:29 a.m.20 views

CVE-2017-12348

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3
Prion
Prion
added 2017/11/30 9:29 a.m.16 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

3.5CVSS5.3AI score0.00891EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/11/30 9:29 a.m.3 views

CVE-2017-12348

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

5.4CVSS5.7AI score0.00891EPSS
Exploits0References3
CVE
CVE
added 2017/11/30 9:0 a.m.51 views

CVE-2017-12349

Cisco UCS Central Software’s web-based management interface contains multiple vulnerabilities (CVE-2017-12349) that could allow a remote attacker to perform cross-site scripting (XSS) or hijack a valid session ID. The CVE description specifies XSS and session hijacking as potential impacts; Cisco...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/11/30 9:0 a.m.22 views

CVE-2017-12348

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

5.4AI score0.00891EPSS
Exploits0References3
CVE
CVE
added 2017/11/30 9:0 a.m.53 views

CVE-2017-12348

Cisco UCS Central Software web-based management interface contains cross-site scripting (XSS) vulnerabilities (CVE-2017-12348) that could allow a remote attacker to execute script in the user’s browser or hijack a session ID. Root cause: inadequate validation of user-submitted input in the web in...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/09/22 12:0 a.m.3 views

Cisco UCS Central Software Command Injection Vulnerability

Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A security vulnerability exists in the CLI in Cisco UCS Central Software, which arises from the program's failure to...

7.2CVSS7AI score0.00425EPSS
Exploits0References1
Prion
Prion
added 2017/09/21 5:29 a.m.16 views

Input validation

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

7.2CVSS6.7AI score0.00425EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/09/21 5:29 a.m.16 views

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

7.2CVSS6.7AI score0.00425EPSS
Exploits0References3
CVE
CVE
added 2017/09/21 5:0 a.m.57 views

CVE-2017-12255

Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...

7.2CVSS6.7AI score0.00425EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder