754 matches found
CVE-2012-4110
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560...
CVE-2012-4104
CVE-2012-4104 affects Cisco UCS Fabric Interconnect’s image-download process, enabling absolute path traversal via a header-defined storage location. The underlying issue allows a local authenticated attacker to overwrite or delete arbitrary files on the filesystem by supplying a crafted image he...
Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability
A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...
Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability
A vulnerability in the run-script command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...
Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability
A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...
Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerability
A vulnerability in the image download process of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to overwrite arbitrary files on the filesystem. The vulnerability occurs because the storage location is defined in the image header. An attacker...
Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability
A vulnerability in the Baseboard Management Controller (BMC) local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability
A vulnerability in the local file editor of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to access arbitrary files on the userland filesystem with root privileges. The vulnerability is due to improper input filtering. An attacker could explo...
CVE-2012-4096
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574...
Command injection
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574...
CVE-2012-4096
The CVE-2012-4096 issue affects Cisco UCS BMC local file editor. Affected product: Cisco Unified Computing System BMC. Description in Cisco advisory and Red Hat/NVD entries confirms that an authenticated, local attacker can modify arbitrary files on the fabric interconnect by abusing the local fi...
Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability
A vulnerability in the public XML API service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper input validation in the XML API service. An attacker could exploit...
Cisco Unified Computing System Fabric Interconnect Remote Access Vulnerability
A vulnerability in the high availability service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to gain access to sensitive information and prevent the cluster service from syncing with its peers. The vulnerability is due to improper binding ...
CVE-2012-4079
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206...
Code injection
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206...
CVE-2012-4079
CVE-2012-4079 affects Cisco UCS Fabric Interconnect: the XML API service can be brought down by a remote, unauthenticated attacker sending a malformed XML packet. Root cause is improper input validation in the XML API service. Impact is a DoS (API service outage). Cisco’s advisory notes that soft...
CVE-2012-4079
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206...
CVE-2012-4086
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790...
Code injection
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790...
CVE-2012-4086
CVE-2012-4086 affects Cisco Unified Computing System (UCS) fabric interconnect devices. The issue resides in the initial setup script, where unfiltered input during configuration can be exploited by an unauthenticated, remote attacker to execute arbitrary commands on the underlying OS with the da...