CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

286 matches found

Cvelist•added 2014/05/24 1:0 a.m.•20 views

CVE-2014-3261

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...

7.6AI score0.0082EPSS

Exploits0References1

Prion•added 2014/02/22 9:55 p.m.•12 views

Command injection

Cisco Unified Computing System UCS Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128...

6.8CVSS7.1AI score0.0007EPSS

Exploits1References2Affected Software1

seebug.org•added 2014/02/21 12:0 a.m.•27 views

Cisco Unified Computing System Director默认验证凭据安全绕过漏洞

Bugtraq ID:65666 CVE ID:CVE-2014-0709 Cisco Unified Computing System通过将统一计算、网络、存储访问和虚拟化整合到一个系统中,简化IT管理并提高灵活性。 Cisco Unified Computing System Director存在安全漏洞，允许远程攻击者利用漏洞完全控制设备。漏洞是由于安装过程中创建了默认的root用户账户，允许攻击者利用该账户远程访问服务器CLI，控制设备。 0 Cisco UCS Director 4.0.0.3 厂商补丁： Cisco ----- Cisco UCS Director...

9.3CVSS6.6AI score0.00471EPSS

Exploits1

seebug.org•added 2014/02/21 12:0 a.m.•25 views

Cisco Unified Computing System 'copy'命令本地特权提升漏洞

Bugtraq ID:65638 CVE ID:CVE-2014-0730 Cisco Unified Computing System通过将统一计算、网络、存储访问和虚拟化整合到一个系统中,简化IT管理并提高灵活性。 Cisco Unified Computing System local-mgmt上下文存在安全漏洞，允许本地通过验证的攻击者提升权限。漏洞是由于不正确校验copy命令的输入，允许攻击者提交特殊命令来获得对shell的访问。 0 Cisco Unified Computing System Central Software 厂商补丁： Cisco -----...

6.8CVSS6.6AI score0.0007EPSS

Exploits1

Cisco•added 2014/02/19 10:58 p.m.•23 views

Cisco Unified Computing System Central Software Privilege Escalation Vulnerability

A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...

6.8CVSS6AI score0.0007EPSS

Exploits1References1

Cisco•added 2014/02/19 4:0 p.m.•25 views

Cisco UCS Director Default Credentials Vulnerability

A vulnerability in Cisco Unified Computing System UCS Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by...

9.3CVSS6.6AI score0.00471EPSS

Exploits1References1

Tenable Nessus•added 2014/02/18 12:0 a.m.•33 views

Cisco Unified Computing System Smart Call Home Input Validation Vulnerability (CSCtl00186)

A vulnerability in Cisco Unified Computing System UCS Manager could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...

4.6CVSS5.5AI score0.00121EPSS

Exploits0References2

Tenable Nessus•added 2014/02/13 12:0 a.m.•22 views

Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability (CSCtg20734)

A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...

4.6CVSS5.6AI score0.00121EPSS

Exploits0References2

Tenable Nessus•added 2014/02/12 12:0 a.m.•23 views

Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability (CSCte90338)

A vulnerability in the Cisco Unified Computing System Serial over LAN SoL implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle MITM attack. The vulnerability occurs because the Board Management Controller BMC uses a hard-coded private key. An attacker coul...

5.8CVSS5.7AI score0.00327EPSS

Exploits0References2

Cisco•added 2013/10/21 5:57 p.m.•32 views

Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability

A vulnerability in the Fabric Interconnect KVM module of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to the virtual KVM sending video data unencrypted. An attacker could exploit this vulnerability b...

4.3CVSS2.7AI score0.00255EPSS

Exploits0References1

Cisco•added 2013/10/21 4:24 p.m.•27 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...

4.6CVSS1.8AI score0.00082EPSS

Exploits0References1

Prion•added 2013/10/21 10:50 a.m.•16 views

Code injection

The fabric-interconnect component in Cisco Unified Computing System UCS does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug...

5.8CVSS6.4AI score0.00255EPSS

Exploits0References1

NVD•added 2013/10/19 10:36 a.m.•15 views

CVE-2012-4117

The fabric-interconnect component in Cisco Unified Computing System UCS does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033...

5.8CVSS6.3AI score0.00137EPSS

Exploits0References1

NVD•added 2013/10/19 10:36 a.m.•19 views

CVE-2012-4112

The Baseboard Management Controller BMC in Cisco Unified Computing System UCS allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330...

6.8CVSS7.5AI score0.00083EPSS

Exploits0References1

CVE•added 2013/10/19 10:0 a.m.•56 views

CVE-2012-4112

CVE-2012-4112 affects the Cisco UCS Baseboard Management Controller (BMC). A vulnerability in the BMC’s command-line interface (CLI) allows a locally authenticated attacker to inject arbitrary commands with elevated privileges due to improper filtering of user-supplied parameters. Exploitation re...

6.8CVSS7.7AI score0.00083EPSS

Exploits0References1Affected Software1

Cisco•added 2013/10/18 2:41 p.m.•25 views

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. The vulnerability is due to improperly securing the KVM media traffic between the server and the client. An attacker could...

4.3CVSS2.1AI score0.00265EPSS

Exploits0References1

Cisco•added 2013/10/18 2:39 p.m.•33 views

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture or modify KVM virtual media traffic. The vulnerability is due to improperly securing the KVM virtual media traffic between the server and the client. An attacker...

4.3CVSS3.2AI score0.00255EPSS

Exploits0References1

Cisco•added 2013/10/17 3:30 p.m.•26 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...

4.6CVSS2.2AI score0.00061EPSS

Exploits0References1

Cisco•added 2013/10/14 8:48 p.m.•28 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

4.6CVSS3.2AI score0.00067EPSS

Exploits0References1

Cisco•added 2013/10/14 8:10 p.m.•25 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect FI of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

4.6CVSS2.1AI score0.0013EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by