69 matches found
CVE-2017-12255
Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...
Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE
The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially craft...
Cross site scripting
Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...
CVE-2016-1401
Cisco UCS Central Cross-Site Scripting (CVE-2016-1401) affects Cisco UCS Central Software 1.4(1a) management interface. The vulnerability arises from insufficient input validation in the HTTP web interface, enabling an unauthenticated/remote attacker to induce a user to click a crafted link and i...
CVE-2016-1401
Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced...
CVE-2016-1352
Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...
CVE-2016-1352
Cisco UCS Central Software (pre-1.3(1c)) is vulnerable to remote command execution via crafted HTTP requests due to improper input validation in the web framework. An unauthenticated attacker can execute arbitrary OS commands on affected systems. Cisco has released software updates addressing thi...
CVE-2016-1352
Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...
Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco...
CVE-2015-6388
Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...
CVE-2015-6387
The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...
CVE-2015-4286
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
CVE-2015-4286
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
CVE-2015-4286
CVE-2015-4286 affects Cisco UCS Central Software (web framework) 1.3(0.99). A directory traversal vulnerability allows an unauthenticated, remote attacker to read arbitrary files by sending a crafted HTTP request. Root cause cited as improper input validation. Impact is exposure of sensitive info...
CVE-2015-4183
Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...
CVE-2015-4183
Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...
CVE-2015-4183
Cisco UCS Central Software 1.2(1a) contains a CLI command-injection vulnerability (CVE-2015-4183) due to insufficient input validation. An authenticated, local attacker could inject arbitrary commands and execute with elevated OS privileges by supplying crafted CLI parameters. Impact includes pot...
Cisco UCS Central Software Command-Line Interface Command Injection Vulnerability
A vulnerability in the command-line interface CLI of Cisco UCS Central Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An...