Lucene search
K
CiscoUcs Director

26 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6878 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/08/21 6:25 p.m.191 views

CVE-2019-1937

CVE-2019-1937 affects Cisco UCS Director/UCS Director Express for Big Data and IMC Supervisor via an authentication bypass in the web-based management interface caused by insufficient request header validation. An unauthenticated remote attacker could obtain a valid administrator session token an...

10CVSS9.7AI score0.75863EPSS
Web
CVE
CVE
added 2019/08/21 6:25 p.m.164 views

CVE-2019-1936

CVE-2019-1936 is a command-injection vulnerability in the web-based management interface of Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. It stems from insufficient input validation and, per Cisco’s advisory, can be exploited by an authenticated administra...

9CVSS7.3AI score0.39475EPSS
Web
CVE
CVE
added 2019/08/21 6:25 p.m.135 views

CVE-2019-1935

CVE-2019-1935 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The issue stems from a documented default account (scpuser) with an undocumented default password and improper permission settings, not enforced during installation. An unauthenticated, re...

10CVSS9.8AI score0.83386EPSS
CVE
CVE
added 2020/01/26 4:45 a.m.134 views

CVE-2019-16003

CVE-2019-16003 affects Cisco UCS Director Web-based management interface. A flaw in the authentication logic could allow an unauthenticated, remote attacker to download system log files generated by an administrator by sending a crafted request to the web interface. The vulnerability stems from h...

5.3CVSS5AI score0.01221EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.124 views

CVE-2020-3243

CVE-2020-3243 relates to Cisco UCS Director and Cisco UCS Director Express for Big Data REST API vulnerabilities that may allow a remote attacker to bypass authentication or perform directory traversal on affected devices. According to NVD, CVSSv3 base score is 9.8 (CRITICAL) with network attack ...

9.8CVSS9.7AI score0.88374EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.120 views

CVE-2020-3250

Cisco UCS Director and Cisco UCS Director Express for Big Data have REST API vulnerabilities that may allow remote attackers to bypass authentication and perform directory traversal on affected devices. The common root cause cited is insufficient access control validation and improper input handl...

9.8CVSS9.7AI score0.60158EPSS
CVE
CVE
added 2022/05/27 2:6 p.m.111 views

CVE-2022-20765

Cisco UCS Director web applications are vulnerable to Cross-Site Scripting (XSS) due to unsanitized user input. An authenticated, remote attacker could submit crafted JavaScript, potentially rewriting page content, accessing sensitive information stored in the apps, and altering form data. A Cisc...

4.8CVSS4.8AI score0.00536EPSS
CVE
CVE
added 2020/06/18 2:21 a.m.88 views

CVE-2020-3242

CVE-2020-3242 – Cisco UCS Director Information Disclosure : A vulnerability in the REST API could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The issue arises because confidential information is returned as par...

4.9CVSS4.9AI score0.01076EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.81 views

CVE-2020-3239

CVE-2020-3239 affects Cisco UCS Director and Cisco UCS Director Express for Big Data. The REST API has multiple vulnerabilities that may allow a remote attacker to bypass authentication or perform directory traversal on an affected device. Exploitation is remote and network-driven, tied to REST A...

9.8CVSS8.9AI score0.73566EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.78 views

CVE-2020-3240

CVE-2020-3240 affects Cisco UCS Director and Cisco UCS Director Express for Big Data REST API. The advisory and third-party writeups confirm multiple vulnerabilities in the REST API that may allow a remote attacker to bypass authentication or perform directory traversal. The root cause involves i...

9.8CVSS8.7AI score0.38693EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.78 views

CVE-2020-3248

Cisco UCS Director and Cisco UCS Director Express for Big Data expose multiple REST API vulnerabilities (CVE-2020-3248 and related CVEs) that may allow a remote attacker to bypass authentication or perform directory traversal. Root cause: insufficient validation of user input in REST API paths (e...

10CVSS9.8AI score0.7391EPSS
CVE
CVE
added 2020/04/15 8:11 p.m.77 views

CVE-2020-3251

Cisco UCS Director and Cisco UCS Director Express for Big Data contain multiple REST API vulnerabilities (CVE-2020-3251) that may allow a remote attacker to bypass authentication or perform directory traversal due to insufficient input validation in the REST API, including the MyCallable class. A...

9.8CVSS9.3AI score0.61516EPSS
CVE
CVE
added 2019/08/21 6:30 p.m.74 views

CVE-2019-1974

CVE-2019-1974 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The root cause is insufficient validation of request headers during authentication in the web-based management interface, allowing an unauthenticated, remote attacker to bypass login and g...

10CVSS9.8AI score0.04491EPSS
CVE
CVE
added 2020/06/18 2:21 a.m.73 views

CVE-2020-3241

CVE-2020-3241. A path-traversal vulnerability in Cisco UCS Director’s orchestration tasks arises from insufficient validation of user-supplied input on the web-based management interface. An authenticated, remote attacker could craft a task with specific configuration parameters to overwrite arbi...

8.5CVSS6.5AI score0.01982EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.72 views

CVE-2020-3249

Cisco UCS Director and Cisco UCS Director Express for Big Data REST API vulnerabilities (CVE-2020-3249 and related CVEs) allow remote attackers to bypass authentication or perform directory traversal due to insufficient input validation in REST endpoints. Connected advisories pin the root cause t...

9.8CVSS7.9AI score0.23056EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.71 views

CVE-2020-3247

CVE-2020-3247 affects Cisco UCS Director and Cisco UCS Director Express for Big Data REST API. The issues stem from insufficient input validation in the REST API (and related file upload handling), enabling remote attackers to bypass authentication or perform directory traversal on affected devic...

10CVSS9.8AI score0.75072EPSS
CVE
CVE
added 2020/08/17 6:0 p.m.71 views

CVE-2020-3464

CVE-2020-3464 affects Cisco UCS Director web UI via stored XSS due to improper input validation. The issue requires authenticated, administrative access to exploit, enabling arbitrary script execution or access to browser data in the affected session. Multiple connected records confirm: (1) vulne...

4.8CVSS4.9AI score0.00617EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.68 views

CVE-2018-15405

CVE-2018-15405 affects Cisco IMC Supervisor and Cisco UCS Director web interfaces. The root cause is an authorization check that fails to include the user’s access level, allowing an authenticated attacker with valid credentials to send crafted HTTP requests and view sensitive information belongi...

6.5CVSS6.3AI score0.01846EPSS
CVE
CVE
added 2020/04/15 8:11 p.m.68 views

CVE-2020-3252

CVE-2020-3252 covers multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data. The issues enable remote attackers to bypass authentication or perform directory traversal due to insufficient access validation and input validation in REST API endpoi...

9.8CVSS8.3AI score0.05326EPSS
CVE
CVE
added 2019/08/21 6:30 p.m.63 views

CVE-2019-1938

The CVE-2019-1938 issue affects Cisco UCS Director and Cisco UCS Director Express for Big Data, via an authentication bypass in the web-based management interface caused by improper handling of authentication requests. A remote, unauthenticated attacker could bypass authentication and perform adm...

10CVSS10AI score0.04566EPSS
CVE
CVE
added 2020/05/06 4:40 p.m.62 views

CVE-2020-3329

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data are affected by a role-based access control vulnerability. Root cause: incorrect allocation of the enable/disable action button in the RBAC code, allowing a read-only authenticated attacker to update other users...

4.3CVSS4.7AI score0.00675EPSS
CVE
CVE
added 2019/08/21 6:5 p.m.60 views

CVE-2019-12634

Cisco CVE-2019-12634 affects the web-based management interfaces for IMC Supervisor, Cisco UCS Director, and UCS Director Express for Big Data. The root cause is a missing authentication check in an API call, allowing an unauthenticated, remote attacker to log off all currently authenticated user...

8.6CVSS7.7AI score0.02046EPSS
CVE
CVE
added 2018/02/22 12:0 a.m.59 views

CVE-2018-0148

CVE-2018-0148 affects Cisco UCS Director Software and Cisco IMC Supervisor Software, where the web-based management interface is vulnerable to cross-site request forgery (CSRF). An unauthenticated, remote attacker can induce an authenticated user to click a malicious link, enabling arbitrary acti...

8.8CVSS8.8AI score0.00847EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.58 views

CVE-2018-15406

Cisco UCS Director Web Management Interface is affected by CVE-2018-15406, a stored XSS due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a malicious link, enabling execution of arbitrary script code in the interface context or exposure of b...

6.1CVSS5.9AI score0.012EPSS
CVE
CVE
added 2014/02/22 9:0 p.m.57 views

CVE-2014-0709

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 uses a hardcoded root password, enabling unauthenticated remote login via the CLI and full admin access over SSH. This mode of exploitation is documented across multiple sources (Cisco advisory CSCui73930/Cisco-SA-2014-0219-ucsd). Affected vers...

9.3CVSS7AI score0.01844EPSS