Lucene search
K

69 matches found

CVE
CVE
added 2017/09/21 5:0 a.m.57 views

CVE-2017-12255

Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...

7.2CVSS6.7AI score0.00425EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/08/25 12:0 a.m.42 views

Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE

The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially craft...

9.8CVSS8.7AI score0.0224EPSS
Exploits0References4
Prion
Prion
added 2016/05/21 1:59 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

4.3CVSS6AI score0.01009EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/05/21 1:0 a.m.67 views

CVE-2016-1401

Cisco UCS Central Cross-Site Scripting (CVE-2016-1401) affects Cisco UCS Central Software 1.4(1a) management interface. The vulnerability arises from insufficient input validation in the HTTP web interface, enabling an unauthenticated/remote attacker to induce a user to click a crafted link and i...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/05/21 1:0 a.m.23 views

CVE-2016-1401

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

6AI score0.01009EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2016/04/15 12:0 a.m.24 views

Cisco UCS Central Software Arbitrary Command Execution Vulnerability

A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced...

9.8CVSS9.9AI score0.0224EPSS
Exploits0References1
OSV
OSV
added 2016/04/14 1:59 a.m.3 views

CVE-2016-1352

Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...

9.8CVSS6AI score0.0224EPSS
Exploits0References2
CVE
CVE
added 2016/04/14 1:0 a.m.61 views

CVE-2016-1352

Cisco UCS Central Software (pre-1.3(1c)) is vulnerable to remote command execution via crafted HTTP requests due to improper input validation in the web framework. An unauthenticated attacker can execute arbitrary OS commands on affected systems. Cisco has released software updates addressing thi...

9.8CVSS9.6AI score0.0224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/04/14 1:0 a.m.22 views

CVE-2016-1352

Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...

9.7AI score0.0224EPSS
Exploits0References2
Cisco
Cisco
added 2016/04/13 4:0 p.m.44 views

Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability

A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...

7.5CVSS9.8AI score0.0224EPSS
Exploits0References1
CISA
CISA
added 2016/04/13 12:0 a.m.7 views

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco...

6.8AI score
Exploits0References1
NVD
NVD
added 2015/12/05 3:59 a.m.16 views

CVE-2015-6388

Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...

5CVSS6.6AI score0.02049EPSS
Exploits0References3
CVE
CVE
added 2015/12/05 2:0 a.m.48 views

CVE-2015-6387

The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...

4.3CVSS5.8AI score0.0136EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/07/29 2:59 p.m.15 views

CVE-2015-4286

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

5CVSS6.6AI score0.01729EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/29 2:0 p.m.28 views

CVE-2015-4286

The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...

6.6AI score0.01729EPSS
Exploits0References2
CVE
CVE
added 2015/07/29 2:0 p.m.43 views

CVE-2015-4286

CVE-2015-4286 affects Cisco UCS Central Software (web framework) 1.3(0.99). A directory traversal vulnerability allows an unauthenticated, remote attacker to read arbitrary files by sending a crafted HTTP request. Root cause cited as improper input validation. Impact is exposure of sensitive info...

5CVSS6.8AI score0.01729EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/06/17 10:59 a.m.19 views

CVE-2015-4183

Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...

7.2CVSS6.7AI score0.00582EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/06/17 10:0 a.m.28 views

CVE-2015-4183

Cisco UCS Central Software 1.21a allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...

6.7AI score0.00582EPSS
Exploits0References3
CVE
CVE
added 2015/06/17 10:0 a.m.51 views

CVE-2015-4183

Cisco UCS Central Software 1.2(1a) contains a CLI command-injection vulnerability (CVE-2015-4183) due to insufficient input validation. An authenticated, local attacker could inject arbitrary commands and execute with elevated OS privileges by supplying crafted CLI parameters. Impact includes pot...

7.2CVSS7AI score0.00582EPSS
Exploits0References3Affected Software1
Cisco
Cisco
added 2015/06/15 6:57 p.m.26 views

Cisco UCS Central Software Command-Line Interface Command Injection Vulnerability

A vulnerability in the command-line interface CLI of Cisco UCS Central Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An...

6.8CVSS6.9AI score0.00582EPSS
Exploits0References1
Rows per page
Query Builder