754 matches found
CVE-2012-4114
The fabric-interconnect KVM module in Cisco Unified Computing System UCS does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949...
CVE-2012-4117
The fabric-interconnect component in Cisco Unified Computing System UCS does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033...
CVE-2012-4113
The fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374...
CVE-2012-4114
CVE-2012-4114 describes a vulnerability in the Cisco UCS Fabric Interconnect KVM module where video data is not encrypted, allowing a man-in-the-middle to sniff or insert packets between KVM server and remote display. Affected: Cisco UCS Fabric Interconnect KVM module (unconfirmed exact versions ...
CVE-2012-4116
The CVE-2012-4116 issue affects the Fabric Interconnect component of Cisco UCS, where KVM media traffic is not encrypted. This creates the potential for an unauthenticated, remote attacker to sniff traffic and obtain sensitive information, which could enable the attacker to complete the authentic...
CVE-2012-4113
The CVE-2012-4113 issue affects Cisco UCS Fabric Interconnect. It allows an authenticated, local attacker to view arbitrary files on the device’s filesystem by supplying crafted CLI command parameters. Root cause is improper filtering of user-supplied parameters in the CLI. Exploitation requires ...
CVE-2012-4117
The CVE-2012-4117 issue concerns Cisco UCS Fabric Interconnect, where the server SSL certificate is not properly verified. This allows a man-in-the-middle attacker to watch or modify SSL KVM video-channel traffic via a crafted certificate. The vulnerability is tied to Bug ID CSCtr73033. Cisco’s a...
CVE-2012-4116
The fabric-interconnect component in Cisco Unified Computing System UCS does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970...
Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. The vulnerability is due to improperly securing the KVM media traffic between the server and the client. An attacker could...
Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture or modify KVM virtual media traffic. The vulnerability is due to improperly securing the KVM virtual media traffic between the server and the client. An attacker...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability
A vulnerability in the fabric interconnect FI of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute scripts with elevated privileges. The vulnerability occurs because all scripts are executed at the same privilege level. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...
CVE-2012-4106
The fabric-interconnect component in Cisco Unified Computing System UCS uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477...
CVE-2012-4108
The fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554...
CVE-2012-4107
The fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489...
Command injection
The fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489...