5 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2023-20012
CVE-2023-20012 affects the Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) used in UCS Fabric Interconnect deployments. The issue is an improper implementation of the password validation function in the CLI console login, allowing an unauthenticated, physically-adjacent attacker to bypass authe...
CVE-2023-20015
CVE-2023-20015 affects Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and Cisco UCS 6200–6500 Fabric Interconnects. The root cause is insufficient input validation of user-supplied commands in the CLI, enabling an authenticated, local attacker to inject unauthorized commands. An...
CVE-2023-20016
CVE-2023-20016 affects Cisco UCS Manager Software and Cisco FXOS Software backups/export files. The root issue is a weakness in the backup encryption method using a static key, which could let an unauthenticated attacker with access to a backup decrypt sensitive data stored in full state and conf...
CVE-2024-20280
CVE-2024-20280 affects Cisco UCS Central Software backup feature. The root cause is a weakness in the encryption method using a static key for backup configuration, allowing an attacker with access to a backup file to learn sensitive information stored in full state and configuration backups. Aff...