27 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2019-1937
CVE-2019-1937 affects Cisco UCS Director/UCS Director Express for Big Data and IMC Supervisor via an authentication bypass in the web-based management interface caused by insufficient request header validation. An unauthenticated remote attacker could obtain a valid administrator session token an...
CVE-2019-1936
CVE-2019-1936 is a command-injection vulnerability in the web-based management interface of Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. It stems from insufficient input validation and, per Cisco’s advisory, can be exploited by an authenticated administra...
CVE-2019-1935
CVE-2019-1935 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The issue stems from a documented default account (scpuser) with an undocumented default password and improper permission settings, not enforced during installation. An unauthenticated, re...
CVE-2019-1885
CVE-2019-1885 describes a command-injection vulnerability in the Cisco Integrated Management Controller (IMC) Redfish interface. The issue stems from insufficient validation of user-supplied input, enabling an authenticated, remote attacker to send crafted commands via the web-based management in...
CVE-2019-1974
CVE-2019-1974 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The root cause is insufficient validation of request headers during authentication in the web-based management interface, allowing an unauthenticated, remote attacker to bypass login and g...
CVE-2019-1896
CVE-2019-1896 affects Cisco Integrated Management Controller (IMC) web-based management interface. The vulnerability lies in the Certificate Signing Request (CSR) function where insufficient input validation allows an authenticated, remote attacker with administrator privileges to inject commands...
CVE-2019-1900
The CVE-2019-1900 issue affects Cisco Integrated Management Controller (IMC) web server. The vulnerability stems from insufficient validation of user-supplied input on the web interface, allowing an unauthenticated, remote attacker to induce the web server process to crash via crafted HTTP reques...
CVE-2017-6616
CVE-2017-6616 affects Cisco Integrated Management Controller (IMC) 3.0(1c). The issue arises from insufficient sanitization of user-supplied HTTP request values in the web-based GUI, allowing an attacker to execute arbitrary code on the affected system. The CVE describes an authenticated, remote ...
CVE-2017-6617
Cisco IMC (Integrated Management Controller) 3.0(1c) Web GUI is vulnerable to session hijacking due to not issuing a new session identifier after user authentication. An unauthenticated, remote attacker could reuse a hijacked session to access an authenticated user’s browser session. This is docu...
CVE-2017-6618
The CVE-2017-6618 entry concerns Cisco Integrated Management Controller (IMC) web GUI vulnerability in firmware 3.0(1c). The issue arises from insufficient input validation in the web-based GUI, enabling an authenticated, remote attacker to deliver a cross-site scripting (XSS) attack by convincin...
CVE-2015-6259
CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...
CVE-2020-3329
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data are affected by a role-based access control vulnerability. Root cause: incorrect allocation of the enable/disable action button in the RBAC code, allowing a read-only authenticated attacker to update other users...
CVE-2019-12634
Cisco CVE-2019-12634 affects the web-based management interfaces for IMC Supervisor, Cisco UCS Director, and UCS Director Express for Big Data. The root cause is a missing authentication check in an API call, allowing an unauthenticated, remote attacker to log off all currently authenticated user...
CVE-2019-1907
CVE-2019-1907 affects Cisco UCS Integrated Management Controller (IMC) web server. The vulnerability arises from improper handling of substring comparisons, enabling an authenticated, remote attacker to modify sensitive configuration values and escalate privileges from read-only to administrator....
CVE-2019-1634
CVE-2019-1634 affects Cisco’s Integrated Management Controller (IMC) IPMI. A vulnerability in IPMI input handling allows an authenticated remote attacker with administrator access to submit crafted inputs that can be executed with root privileges on the underlying OS. Documents consistently descr...
CVE-2019-1865
Cisco IMC Software is vulnerable to a command-injection in its web-based management interface. The issue stems from insufficient validation of user-supplied input in an interface monitoring mechanism, allowing an authenticated remote attacker to craft a request that injects and executes arbitrary...
CVE-2019-1871
The CVE-2019-1871 issue affects the Cisco Integrated Management Controller (IMC) Import Cisco IMC configuration utility. The root cause is improper bounds checking in the import-config process, leading to a buffer overflow. An authenticated, remote attacker can send malicious packets to the devic...
CVE-2019-1883
CVE-2019-1883 affects Cisco Integrated Management Controller (IMC) CLI, where insufficient validation of user-supplied input on the command-line interface can allow an authenticated, local attacker with read-only privileges to inject arbitrary commands and gain root privileges. The vulnerability ...
CVE-2018-15404
The CVE-2018-15404 issue affects Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director web interfaces. A vulnerability due to insufficient restrictions on resource size/total amount allows an authenticated, remote attacker with valid credentials to send crafted HTTP reque...
CVE-2019-1863
Cisco IMC Privilege Escalation (CVE-2019-1863) affects the web-based management interface of Cisco Integrated Management Controller. The root cause is insufficient authorization enforcement, allowing an authenticated user with read-only privileges to change critical configurations with administra...
CVE-2018-0149
The CVE-2018-0149 entry affects Cisco Integrated Management Controller (IMC) Supervisor Software and Cisco UCS Director Software. The web-based management interface is vulnerable to DOM-based stored XSS caused by insufficient input validation. An authenticated, remote attacker can trick a user in...
CVE-2017-6619
CVE-2017-6619 affects Cisco Integrated Management Controller (IMC) web GUI for version 3.0(1c). The issue arises from insufficient sanitization of HTTP input, allowing an authenticated, remote attacker to send a crafted HTTP POST with deserialized user data to execute arbitrary commands with root...
CVE-2019-1908
The CVE-2019-1908 entry describes an information-disclosure vulnerability in the IPMI implementation of Cisco Integrated Management Controller (IMC). A remote, unauthenticated attacker could view sensitive information belonging to other users due to insufficient security restrictions in the affec...
CVE-2019-1864
The CVE-2019-1864 issue affects Cisco Integrated Management Controller (IMC) Software’s web-based management interface. The root cause is insufficient validation of command input, enabling an authenticated, remote attacker (with read-only privileges) to inject and execute arbitrary system-level c...
CVE-2015-6399
CVE-2015-6399 affects Cisco Integrated Management Controller (IMC) 1.0.0.0/1.0.0.1 before 2.0(9). The issue arises from insufficient input sanitization for certain HTTP parameters, enabling an authenticated remote attacker to craft an HTTP request that causes the IMC IP interface to become inacce...
CVE-2019-1850
Cisco IMC Command Injection (CVE-2019-1850) affects the web-based management interface of Cisco Integrated Management Controller. An authenticated administrator can inject and execute arbitrary system-level commands with root privileges by sending crafted input via the administrative web interfac...