EUVD-2019-2483

Malware in sbrugna...

Cisco UCS Software Cisco Discovery Protocol Arbitrary Code Execution and DoS (cisco-sa-20200226-fxos-nxos-cdp)

According to its self-reported version, Cisco UCS Software is affected by a vulnerability in the Cisco Discovery Protocol feature due to insufficient validation of Cisco Discovery Protocol packet headers. An unauthenticated, adjacent attacker can exploit this, by sending a crafted Cisco Discovery...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System UCS software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cis...

CVE-2019-10689

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector BToE application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information...

CVE-2019-10689

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector BToE application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information...

Authentication flaw

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector BToE application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information...

CVE-2019-10689

CVE-2019-10689 affects Polycom VVX family with UCS software ≤ 5.9.2 and Better Together over Ethernet Connector (BToE) ≤ 3.9.1. The root issue is insufficient authentication between the BToE application and the BToE component, which enables leakage of sensitive information. Public details in the ...

CVE-2019-10689

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector BToE application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information...

Cisco Unified Computing System Local Command Injection Vulnerability (CNVD-2018-13560)

Cisco Unified Computing System UCS Software is a set of unified computing system of the United States Cisco Cisco. The system through the extensive use of virtualization technology will be integrated into a platform of network, computing and virtualization resources. A local command injection...

CVE-2018-0338

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

CVE-2018-0338

Summary: CVE-2018-0338 affects Cisco Unified Computing System (UCS) Software, where the role-based access-checking mechanisms fail to properly validate inputs for certain file systems. An authenticated, local attacker could exploit this by issuing crafted commands in the system’s CLI to cause oth...

CVE-2018-0338

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

Cisco Unified Computing System Manager Remote Command Execution Vulnerability (cisco-sa-20160120-ucsm)

A vulnerability in a CGI script in the Cisco Unified Computing System UCS Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources,...