CVE-2017-6601

A vulnerability in the CLI of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384...

CVE-2017-6597

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More...

CVE-2017-6600

A vulnerability in the CLI of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351...

CVE-2017-3817

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System UCS Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.50.1...

CVE-2017-6602

A vulnerability in the CLI of Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189...

Cisco UCS Manager CLI Command Injection Vulnerabilities (cisco-sa-20170405-cli1, cisco-sa-20170405-cli2)

A vulnerability in the CLI of the Cisco Unified Computing System UCS Manager could allow an authenticated, local attacker to perform a command injection attack. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

Cisco Unified Computing System Director Elevation of Privilege Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. An elevation of privilege vulnerability exists in Cisco Unified Computing System Director. An attacker could exploit the vulnerability to gain...

Cisco Unified Computing System Local Elevation of Privilege Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. An elevation of privilege vulnerability exists in Cisco Unified Computing System UCS versions prior to 3.02d in UCS Manager and UCS 6200 Fabric...

CVE-2016-6402

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System UCS through 3.02d allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263...

Cisco Patches Critical WebEx Meetings Server Vulnerability

Cisco warned customers of 12 vulnerabilities across its product line this week, including a critical vulnerability in the software that powers its conferencing product, WebEx Meetings Server. The company stressed on Wednesday that version 2.6 of its WebEx Meetings Server is vulnerable to a remote...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and appl...

Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface CLI of the Cisco Unified Computing System UCS Manager and UCS 6200 Series Fabric Interconnects could allow an authenticated, local attacker to access the underlying operating system with the privileges of the root user. The vulnerability is due to...

Cisco Unified Computing System Performance Manager Input Validation Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of hardware and software components within a computing system. Cisco Unified Computing System UCS Performance Manager does not validate the parameter values of HTTP GET requests, which can be exploited to perform...

Cisco Unified Computing System Performance Manager Input Validation Vulnerability

A vulnerability in the web framework of Cisco Unified Computing System UCS Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Unified Computing System UCS Performance Manager. Exploitation of this vulnerability could allow an authenticated remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cis...

Cisco Unified Computing System Platform Emulator Command Injection/Buffer Overflow Vulnerability (cisco-sa-20160414-ucspe1, cisco-sa-20160414-ucspe2)

Cisco Unified Computing System Platform Emulator is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cisco UCS Platform Emulator < 3.1(1ePE1) Multiple Vulnerabilities

According to its self-reported version number, the Cisco Unified Computing System UCS Platform Emulator running on the remote host is prior to 3.11ePE1. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists due to improper validation of...

CVE-2016-1401

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

Cisco Unified Computing System Central Cross-Site Scripting Vulnerability

Cisco Unified Computing System UCS Central is a suite of software from Cisco that manages the Cisco UCS server domain. The software provides policy-based automation of servers to improve IT efficiency and centralized fault overview of rapid problem solving and other features. A cross-site scripti...

CVE-2016-1340

Cisco UCS Platform Emulator (UCSPE) versions 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 are affected by a heap-based buffer overflow when handling libclimeta.so filename arguments. Root cause: improper validation of the libclimeta.so filename, enabling local privilege escalation. Impact: local users can...