12 matches found
CVE-2019-1628
The CVE-2019-1628 issue affects Cisco Integrated Management Controller (IMC) web server. It's a numeric/buffer-overflow type vulnerability caused by incorrect bounds checking, exploitable by a crafted HTTP request from an authenticated, local attacker, leading to a process crash and DoS on the de...
CVE-2019-1879
CVE-2019-1879 affects Cisco Integrated Management Controller (IMC) CLI. The issue is due to insufficient validation of user-supplied input in CLI commands, allowing an authenticated local attacker to inject and execute arbitrary commands with root privileges. Exploitation requires admin authentic...
CVE-2019-1631
CVE-2019-1631 concerns Cisco’s Integrated Management Controller (IMC) Web UI. The vulnerability allows an unauthenticated, remote attacker to view sensitive system usage information due to inadequate data protection in the IMC web interface. An attacker can exploit this by sending a crafted HTTP ...
CVE-2019-1630
Cisco CVE-2019-1630 is a denial-of-service vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC). A local, authenticated attacker can trigger a buffer overflow by supplying a crafted file, potentially inhibiting an administrator’s access to the s...
CVE-2019-1632
The CVE-2019-1632 entry describes a CSRF vulnerability in Cisco Integrated Management Controller (IMC) where an authenticated remote attacker can cause arbitrary actions via the web-based management interface due to insufficient CSRF protections. Exploitation requires a user to follow a malicious...
CVE-2019-1629
The CVE-2019-1629 issue affects Cisco Integrated Management Controller (IMC) via the configuration import utility. It stems from a failure to delete temporarily uploaded files, allowing an unauthenticated, remote attacker to gain write access and upload arbitrary data to the filesystem. This coul...
CVE-2019-1627
CVE-2019-1627 : Cisco Integrated Management Controller (IMC) Server Utilities contain an information-disclosure vulnerability where an authenticated, remote attacker could download the configuration file due to insufficient protection of data in the configuration data. This could expose sensitive...
CVE-2020-3470
Cisco IMC (Integrated Management Controller) API subsystem suffers multiple RCE vulnerabilities due to improper boundary checks on user input, enabling unauthenticated remote code execution with root privileges via crafted HTTP requests. Affected systems include Cisco UCS C-Series and UCS-E/S sto...
CVE-2020-3371
CVE-2020-3371 affects Cisco Integrated Management Controller (IMC) via its web UI. The issue is a command-injection vulnerability caused by insufficient input validation, allowing an authenticated, remote attacker to inject and execute arbitrary OS commands over the management interface. Impact i...
CVE-2021-1397
Cisco IMC Open Redirect vulnerability (CVE-2021-1397) affects the web-based management interface of Cisco Integrated Management Controller software. Type: improper input validation in HTTP request parameters, exploitable via a crafted link to redirect users to a malicious site. Impact is open red...
CVE-2014-3348
CVE-2014-3348 affects Cisco UCS IMC SSH on E-Series blade servers, with the SSH module prior to 2.3(1) vulnerable to remote, unauthenticated DoS (IMC hang) via a crafted SSH packet. Affected product: Cisco Integrated Management Controller (IMC) in UCS E-Series blade servers. Root cause: improper ...
CVE-2018-15447
CVE-2018-15447 affects Cisco Integrated Management Controller (IMC) Supervisor. The vulnerability stems from inadequate validation of user-supplied input in SQL queries, allowing an unauthenticated, remote attacker to execute arbitrary SQL via crafted URLs to the affected web framework. Documente...