CVE-2012-4108
The CVE-2012-4108 entry concerns Cisco Unified Computing System (UCS) fabric interconnect. The vulnerability arises from improper filtering of user-supplied parameters to a file-related command, enabling an authenticated, local attacker to gain privileges and execute arbitrary operating-system co...
Cisco Unified Computing System Multiple Vulnerabilities (cisco-sa-20130424-ucsmulti)
Cisco Unified Computing System is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Cisco UCS Manager Detection (HTTP)
HTTP based detection of Cisco UCS Manager. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability
A vulnerability in the fabric interconnect (FI) web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...
CVE-2012-4084
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755...
Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability
A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...
Authentication flaw
The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a...
CVE-2012-4110
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560...
Command injection
The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563...
CVE-2012-4103
ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686...
Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability
A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...
Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability
A vulnerability in the run-script command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...
Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability
A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...
A Decade of Microsoft Patch Tuesday Security Updates
On Oct. 9, 2003, Microsoft announced its new security patching process that would end up being a catalyst for significant change in the information security community. Ten years ago, the program was announced with a press release that promised “Improved patch management processes, policies and...
Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerability
A vulnerability in the image download process of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to overwrite arbitrary files on the filesystem. The vulnerability occurs because the storage location is defined in the image header. An attacker...
Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability
A vulnerability in the Baseboard Management Controller (BMC) local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability
A vulnerability in the local file editor of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to access arbitrary files on the userland filesystem with root privileges. The vulnerability is due to improper input filtering. An attacker could explo...
CVE-2012-4096
The CVE-2012-4096 issue affects Cisco UCS BMC local file editor. Affected product: Cisco Unified Computing System BMC. Description in Cisco advisory and Red Hat/NVD entries confirms that an authenticated, local attacker can modify arbitrary files on the fabric interconnect by abusing the local fi...
CVE-2012-1313
The CVE-2012-1313 entry concerns Cisco UCS PALO adapter cards where the remote debug shell accepts malformed show-macstats parameters, enabling an authenticated, local attacker to gain elevated privileges (potential root access) on the underlying OS. The issue arises from improper handling of cer...
Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability
A vulnerability in the public XML API service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper input validation in the XML API service. An attacker could exploit...