286 matches found
Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability
A vulnerability in Cisco Unified Computing System software KVM client could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to improper certificate validation by the KVM client. An attacker could exploit this vulnerability by intercepting ...
Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability
A vulnerability in the Cisco Unified Computing System Serial over LAN (SoL) implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle (MITM) attack. The vulnerability occurs because the Board Management Controller (BMC) uses a hard-coded private key. An attacker coul...
Cisco Unified Computing System Smart Call Home Input Validation Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) Manager could allow an authenticated, local attacker to trigger a denial of service (DoS) condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...
Cisco Unified Computing System (UCS) Manager Version
Cisco Unified Computing System (UCS) Manager software is listening on the remote Cisco device. It allows for the management of Cisco UCS hardware and software components.
Multiple Vulnerabilities in Cisco Unified Computing System (cisco-sa-20130424-ucsmulti)
Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the following vulnerabilities: - Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability (CVE-2013-1182) - Cisco Unified Computing System IPMI Buffer Overflow Vulnerability CVE-2013-11...
Default Password (cliuser) for 'cliuser' Account
The account 'cliuser' on the remote host has the password 'cliuser'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Cisco Unified Computing System Platform Emulator is known to use these credentials to provide administrative access to the CLI...
Cisco Unified Computing System multiple security vulnerabilities
Buffer overflow, information leakage, authentication bypass, DoS...
Cisco Unified Computing System Central Software DOM-Based Cross-Site Scripting Vulnerability
Cisco Unified Computing System Central Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists because the affected software fails to perform sufficient validation and sanitation of user-supplied inpu...
CVE-2013-1178
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.24 and 6.x before 6.11, Nexus 5000 and 5500 devices 4.x and 5.x before 5.13N11, Nexus 4000 devices before 4.12E11h, Nexus 3000 devices 5.x before 5.03U31, Nexus...
Buffer overflow
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.24 and 6.x before 6.11, Nexus 5000 and 5500 devices 4.x and 5.x before 5.13N11, Nexus 4000 devices before 4.12E11h, Nexus 3000 devices 5.x before 5.03U31, Nexus...
Design/Logic Flaw
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.03N22, Nexus 3000 devices 5.x before 5.03U32, and Unified Computing System (UCS) 6200 devices before 2.01w allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs...
CVE-2013-1181
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.03N22, Nexus 3000 devices 5.x before 5.03U32, and Unified Computing System (UCS) 6200 devices before 2.01w allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs...
CVE-2013-1184
CVE-2013-1184 affects Cisco UCS Manager (XML API management service) in UCS 1.x before 1.2(1b). The Management API can be triggered by a malformed request to cause a denial-of-service (service outage). Affected component: XML API management service in the Manager. Root cause: malformed request ha...
CVE-2013-1182
The CVE-2013-1182 issue affects Cisco UCS: the login page of the UCS Manager Web Console allows remote LDAP authentication bypass via a malformed request in versions prior to 1.0(2h), 1.1 prior to 1.1(1j), and 1.3(x). Root cause is an LDAP authentication bypass in the Web Console login flow. Impa...
CVE-2013-1181
Cisco NX-OS-based products (Nexus 5500, Nexus 3000, UCS 6200) are affected by CVE-2013-1181. The issue allows remote attackers to trigger a denial-of-service (device reload) by sending a jumbo packet to the management interface. Affected ranges noted as Nexus 5500 4.x/5.x before 5.0(3)N2(2), Nexu...
CVE-2013-1186
CVE-2013-1186 concerns Cisco UCS: versions 1.x before 1.4(4) and 2.x before 2.0(2m) are affected by a KVM authentication bypass via a crafted IMC authentication request. The issue is part of a Cisco UCS multi-vulnerability set; other CVEs (1182–1185) accompany it. Affected component is the Cisco ...
Cisco Releases Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...
Cisco Unified Computing System Fabric Interconnect SNMP Message Processing Denial of Service Vulnerability
Cisco Unified Computing System contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to errors in processing malicious Simple Network Management Protocol (SNMP) messages by the affected software. An...
Cisco Unified Computing System Remote Denial of Service Vulnerability
Cisco Unified Computing System contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to the improper handling of user-supplied SSH requests by affected software. An unauthenticated,...
CVE-2012-1339
The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543...