Lucene search
K
CiscoIntegrated Management Controller Supervisor

27 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6807 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/08/21 6:25 p.m.191 views

CVE-2019-1937

CVE-2019-1937 affects Cisco UCS Director/UCS Director Express for Big Data and IMC Supervisor via an authentication bypass in the web-based management interface caused by insufficient request header validation. An unauthenticated remote attacker could obtain a valid administrator session token an...

10CVSS9.7AI score0.75863EPSS
Web
CVE
CVE
added 2019/08/21 6:25 p.m.164 views

CVE-2019-1936

CVE-2019-1936 is a command-injection vulnerability in the web-based management interface of Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. It stems from insufficient input validation and, per Cisco’s advisory, can be exploited by an authenticated administra...

9CVSS7.3AI score0.39475EPSS
Web
CVE
CVE
added 2019/08/21 6:25 p.m.135 views

CVE-2019-1935

CVE-2019-1935 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The issue stems from a documented default account (scpuser) with an undocumented default password and improper permission settings, not enforced during installation. An unauthenticated, re...

10CVSS9.8AI score0.83386EPSS
CVE
CVE
added 2019/08/21 6:20 p.m.93 views

CVE-2019-1885

CVE-2019-1885 describes a command-injection vulnerability in the Cisco Integrated Management Controller (IMC) Redfish interface. The issue stems from insufficient validation of user-supplied input, enabling an authenticated, remote attacker to send crafted commands via the web-based management in...

9CVSS7.2AI score0.03798EPSS
CVE
CVE
added 2019/08/21 6:30 p.m.74 views

CVE-2019-1974

CVE-2019-1974 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The root cause is insufficient validation of request headers during authentication in the web-based management interface, allowing an unauthenticated, remote attacker to bypass login and g...

10CVSS9.8AI score0.04491EPSS
CVE
CVE
added 2019/08/21 6:20 p.m.66 views

CVE-2019-1896

CVE-2019-1896 affects Cisco Integrated Management Controller (IMC) web-based management interface. The vulnerability lies in the Certificate Signing Request (CSR) function where insufficient input validation allows an authenticated, remote attacker with administrator privileges to inject commands...

9CVSS7.3AI score0.0182EPSS
CVE
CVE
added 2019/08/21 6:20 p.m.66 views

CVE-2019-1900

The CVE-2019-1900 issue affects Cisco Integrated Management Controller (IMC) web server. The vulnerability stems from insufficient validation of user-supplied input on the web interface, allowing an unauthenticated, remote attacker to induce the web server process to crash via crafted HTTP reques...

7.8CVSS7.5AI score0.01904EPSS
CVE
CVE
added 2017/04/20 10:0 p.m.65 views

CVE-2017-6616

CVE-2017-6616 affects Cisco Integrated Management Controller (IMC) 3.0(1c). The issue arises from insufficient sanitization of user-supplied HTTP request values in the web-based GUI, allowing an attacker to execute arbitrary code on the affected system. The CVE describes an authenticated, remote ...

9CVSS8.8AI score0.04241EPSS
CVE
CVE
added 2017/04/20 10:0 p.m.65 views

CVE-2017-6617

Cisco IMC (Integrated Management Controller) 3.0(1c) Web GUI is vulnerable to session hijacking due to not issuing a new session identifier after user authentication. An unauthenticated, remote attacker could reuse a hijacked session to access an authenticated user’s browser session. This is docu...

5.4CVSS5.4AI score0.00967EPSS
CVE
CVE
added 2017/04/20 10:0 p.m.65 views

CVE-2017-6618

The CVE-2017-6618 entry concerns Cisco Integrated Management Controller (IMC) web GUI vulnerability in firmware 3.0(1c). The issue arises from insufficient input validation in the web-based GUI, enabling an authenticated, remote attacker to deliver a cross-site scripting (XSS) attack by convincin...

5.4CVSS5.3AI score0.00928EPSS
CVE
CVE
added 2015/09/04 1:0 a.m.63 views

CVE-2015-6259

CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...

9.4CVSS7AI score0.02817EPSS
CVE
CVE
added 2020/05/06 4:40 p.m.62 views

CVE-2020-3329

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data are affected by a role-based access control vulnerability. Root cause: incorrect allocation of the enable/disable action button in the RBAC code, allowing a read-only authenticated attacker to update other users...

4.3CVSS4.7AI score0.00675EPSS
CVE
CVE
added 2019/08/21 6:5 p.m.60 views

CVE-2019-12634

Cisco CVE-2019-12634 affects the web-based management interfaces for IMC Supervisor, Cisco UCS Director, and UCS Director Express for Big Data. The root cause is a missing authentication check in an API call, allowing an unauthenticated, remote attacker to log off all currently authenticated user...

8.6CVSS7.7AI score0.02046EPSS
CVE
CVE
added 2019/08/21 6:25 p.m.60 views

CVE-2019-1907

CVE-2019-1907 affects Cisco UCS Integrated Management Controller (IMC) web server. The vulnerability arises from improper handling of substring comparisons, enabling an authenticated, remote attacker to modify sensitive configuration values and escalate privileges from read-only to administrator....

8.8CVSS8.8AI score0.01369EPSS
CVE
CVE
added 2019/08/21 6:10 p.m.58 views

CVE-2019-1634

CVE-2019-1634 affects Cisco’s Integrated Management Controller (IMC) IPMI. A vulnerability in IPMI input handling allows an authenticated remote attacker with administrator access to submit crafted inputs that can be executed with root privileges on the underlying OS. Documents consistently descr...

9CVSS7.2AI score0.02815EPSS
CVE
CVE
added 2019/08/21 6:15 p.m.56 views

CVE-2019-1865

Cisco IMC Software is vulnerable to a command-injection in its web-based management interface. The issue stems from insufficient validation of user-supplied input in an interface monitoring mechanism, allowing an authenticated remote attacker to craft a request that injects and executes arbitrary...

9CVSS8.8AI score0.03567EPSS
CVE
CVE
added 2019/08/21 6:15 p.m.56 views

CVE-2019-1871

The CVE-2019-1871 issue affects the Cisco Integrated Management Controller (IMC) Import Cisco IMC configuration utility. The root cause is improper bounds checking in the import-config process, leading to a buffer overflow. An authenticated, remote attacker can send malicious packets to the devic...

9CVSS7.5AI score0.03293EPSS
CVE
CVE
added 2019/08/21 6:20 p.m.56 views

CVE-2019-1883

CVE-2019-1883 affects Cisco Integrated Management Controller (IMC) CLI, where insufficient validation of user-supplied input on the command-line interface can allow an authenticated, local attacker with read-only privileges to inject arbitrary commands and gain root privileges. The vulnerability ...

7.8CVSS7.4AI score0.00411EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.55 views

CVE-2018-15404

The CVE-2018-15404 issue affects Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director web interfaces. A vulnerability due to insufficient restrictions on resource size/total amount allows an authenticated, remote attacker with valid credentials to send crafted HTTP reque...

6.5CVSS6.5AI score0.01069EPSS
CVE
CVE
added 2019/08/21 6:15 p.m.54 views

CVE-2019-1863

Cisco IMC Privilege Escalation (CVE-2019-1863) affects the web-based management interface of Cisco Integrated Management Controller. The root cause is insufficient authorization enforcement, allowing an authenticated user with read-only privileges to change critical configurations with administra...

9CVSS6.9AI score0.01703EPSS
CVE
CVE
added 2018/06/07 9:0 p.m.53 views

CVE-2018-0149

The CVE-2018-0149 entry affects Cisco Integrated Management Controller (IMC) Supervisor Software and Cisco UCS Director Software. The web-based management interface is vulnerable to DOM-based stored XSS caused by insufficient input validation. An authenticated, remote attacker can trick a user in...

4.8CVSS5AI score0.01255EPSS
CVE
CVE
added 2017/04/20 10:0 p.m.52 views

CVE-2017-6619

CVE-2017-6619 affects Cisco Integrated Management Controller (IMC) web GUI for version 3.0(1c). The issue arises from insufficient sanitization of HTTP input, allowing an authenticated, remote attacker to send a crafted HTTP POST with deserialized user data to execute arbitrary commands with root...

9CVSS8.9AI score0.0264EPSS
CVE
CVE
added 2019/08/21 6:25 p.m.52 views

CVE-2019-1908

The CVE-2019-1908 entry describes an information-disclosure vulnerability in the IPMI implementation of Cisco Integrated Management Controller (IMC). A remote, unauthenticated attacker could view sensitive information belonging to other users due to insufficient security restrictions in the affec...

7.5CVSS7.4AI score0.01997EPSS
CVE
CVE
added 2019/08/21 6:15 p.m.50 views

CVE-2019-1864

The CVE-2019-1864 issue affects Cisco Integrated Management Controller (IMC) Software’s web-based management interface. The root cause is insufficient validation of command input, enabling an authenticated, remote attacker (with read-only privileges) to inject and execute arbitrary system-level c...

9CVSS9AI score0.02629EPSS
CVE
CVE
added 2015/12/15 2:0 a.m.49 views

CVE-2015-6399

CVE-2015-6399 affects Cisco Integrated Management Controller (IMC) 1.0.0.0/1.0.0.1 before 2.0(9). The issue arises from insufficient input sanitization for certain HTTP parameters, enabling an authenticated remote attacker to craft an HTTP request that causes the IMC IP interface to become inacce...

6.8CVSS6.4AI score0.02192EPSS
CVE
CVE
added 2019/08/21 6:10 p.m.47 views

CVE-2019-1850

Cisco IMC Command Injection (CVE-2019-1850) affects the web-based management interface of Cisco Integrated Management Controller. An authenticated administrator can inject and execute arbitrary system-level commands with root privileges by sending crafted input via the administrative web interfac...

9CVSS7.1AI score0.03507EPSS