Cisco Unified Computing System on C-Series Rack Servers Cross-Frame Scripting Vulnerability
The Cisco Unified Computing System is an all-in-one platform for computing, virtualization, and networking. A cross-frame scripting vulnerability in Cisco Unified Computing System on C-Series Rack Servers allows attackers to hijack an attack via crafted website behavior...
CVE-2015-0599
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...
CVE-2014-8003
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998...
Command injection
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998...
CVE-2014-8009
CVE-2014-8009 affects Cisco Unified Computing System Manager (UCSM) up to version 2.1(3f). The issue is an information-disclosure vulnerability where remote, unauthenticated attackers can read log files to obtain sensitive system information. Exploitation details are not provided in the cited doc...
CVE-2014-8003
Cisco Integrated Management Controller in Cisco UCS 2.2(2c)A and earlier is affected by CVE-2014-8003 due to improper input validation in the map-nfs command. This allows an authenticated, local attacker to gain shell-level access to the device. The issue is tied to Bug CSCup05998. Cisco’s adviso...
Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Manager Information Disclosure Vulnerability
A vulnerability in the system logs of the Cisco Unified Computing System Manager could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477...
CVE-2014-7996
Cisco UCS Integrated Management Controller (CIMC) is affected by a CSRF vulnerability (CVE-2014-7996) in its web framework. An unauthenticated, remote attacker can perform a CSRF attack and hijack user sessions. The issue stems from insufficient CSRF protections in CIMC’s web interface. Impact as d...
Command injection
Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176...
CVE-2014-7989
CVE-2014-7989 affects Cisco Unified Computing System B-Series Blade Servers. It arises from improper input validation in the ping6 and traceroute6 commands, allowing an authenticated local attacker to escalate to shell-level access—potentially via local-mgmt context. Cisco released a security not...
Cisco Integrated Management Controller Vulnerability
Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...
Code injection
The SSH module in the Integrated Management Controller (IMC) before 2.3(1) in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206...
CVE-2014-3348
CVE-2014-3348 affects Cisco UCS IMC SSH on E-Series blade servers, with the SSH module prior to 2.3(1) vulnerable to remote, unauthenticated DoS (IMC hang) via a crafted SSH packet. Affected product: Cisco Integrated Management Controller (IMC) in UCS E-Series blade servers. Root cause: improper ...
Cisco Unified Computing System E DoS
SSH DoS in built-in management controller...
Cisco Integrated Management Controller SSH Denial of Service Vulnerability
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...
CVE-2014-3261
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...
Buffer overflow
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...
CVE-2014-3261
CVE-2014-3261 details a buffer overflow in Cisco NX-OS Smart Call Home, exploitable via crafted SMTP replies to remote SMTP servers. Affected platforms include Cisco UCS NX-OS on Fabric Interconnects, Nexus 3000/4000/5000/7000, and CGOS CG4 (with specific version ranges provided in the Cisco and ...