754 matches found
Design/Logic Flaw
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477...
Design/Logic Flaw
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554...
CVE-2012-4105
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468...
Code injection
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468...
CVE-2012-4105
The CVE-2012-4105 issue affects the Cisco UCS fabric interconnect; the vulnerability arises from improper filtering of user-supplied parameters in the debug hardware command, allowing an authenticated, local attacker to crash the FI (DoS) via crafted parameters (Bug ID CSCtq86468). Affected compo...
CVE-2012-4105
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468...
CVE-2012-4108
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554...
CVE-2012-4106
The CVE-2012-4106 issue affects Cisco UCS fabric interconnects. Affected component: fabric-interconnect in Cisco Unified Computing System (UCS). Root cause: all scripts execute at the same privilege level, allowing a local attacker to escalate privileges and run arbitrary CLI commands via an exis...
CVE-2012-4107
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489...
CVE-2012-4107
The CVE-2012-4107 entry describes a privilege-escalation flaw in Cisco UCS fabric interconnects. Affected component: fabric interconnect of Cisco Unified Computing System. Root cause: improper filtering of user-supplied parameters to certain file-related commands allows a local attacker to gain e...
CVE-2012-4108
The CVE-2012-4108 entry concerns Cisco Unified Computing System (UCS) fabric interconnect. The vulnerability arises from improper filtering of user-supplied parameters to a file-related command, enabling an authenticated, local attacker to gain privileges and execute arbitrary operating-system co...
CVE-2012-4106
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477...
Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability
A vulnerability in the fabric interconnect (FI) web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...
CVE-2012-4084
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755...
CVE-2012-4084
Cisco UCS Fabric Interconnect web management interface CSRF vulnerability (CVE-2012-4084) allows unauthenticated remote attackers to hijack user authentication via cookie-based session handling. Exploitation would enable the attacker to perform actions as the affected user; Cisco notes that softw...
CVE-2012-4084
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755...
Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability
A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...
CVE-2012-4136
The CVE-2012-4136 issue affects Cisco UCS Fabric Interconnect’s high-availability service. The root cause is improper binding of the cluster service to the management interface, which can let a remote attacker connected via Telnet access sensitive information or cause a peer‑syncing denial of ser...
CVE-2012-4136
The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a...