69 matches found
CVE-2021-1354 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
A vulnerability in the certificate registration process of Cisco Unified Computing System UCS Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager UCSM. This vulnerability is due to improper certificate validation. An attacker...
Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
A vulnerability in the certificate registration process of Cisco Unified Computing System UCS Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager UCSM. This vulnerability is due to improper certificate validation. An attacker...
Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE
The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...
Design/Logic Flaw
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...
CVE-2018-0094
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...
CVE-2018-0094
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...
CVE-2018-0094
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv...
CVE-2018-0094
CVE-2018-0094 affects Cisco UCS Central Software. The issue arises in IPv6 ingress packet processing due to insufficient rate limiting for IPv6 traffic, enabling an unauthenticated, remote attacker to trigger a denial of service via high CPU utilization. Connected documents confirm the vulnerabil...
Cisco UCS Central Software Session Fixation Vulnerability
Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A session fixation vulnerability exists in the web-based management interface in Cisco UCS Central Software. A remote...
CVE-2017-12349
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
CVE-2017-12349
Cisco UCS Central Software’s web-based management interface contains multiple vulnerabilities (CVE-2017-12349) that could allow a remote attacker to perform cross-site scripting (XSS) or hijack a valid session ID. The CVE description specifies XSS and session hijacking as potential impacts; Cisco...
CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
CVE-2017-12348
Cisco UCS Central Software web-based management interface contains cross-site scripting (XSS) vulnerabilities (CVE-2017-12348) that could allow a remote attacker to execute script in the user’s browser or hijack a session ID. Root cause: inadequate validation of user-submitted input in the web in...
Cisco UCS Central Software Command Injection Vulnerability
Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A security vulnerability exists in the CLI in Cisco UCS Central Software, which arises from the program's failure to...
Input validation
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
CVE-2017-12255
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
CVE-2017-12255
Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...