Unified Computing System Security Vulnerabilities and Issues — Unified Computing System CVE List

Lucene search

CiscoUnified Computing System

17 matches found

CVE•added 2013/09/26 2:16 p.m.•54 views

CVE-2012-4092

The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683.

5.8CVSS6.5AI score0.00255EPSS

CVE•added 2013/09/26 2:16 p.m.•50 views

CVE-2012-4079

The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206.

5CVSS6.8AI score0.00474EPSS

CVE•added 2013/09/20 4:55 p.m.•45 views

CVE-2012-4073

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

5.8CVSS6.4AI score0.00176EPSS

CVE•added 2013/09/20 6:55 p.m.•44 views

CVE-2012-4081

MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734.

4.6CVSS6.4AI score0.00121EPSS

CVE•added 2013/09/20 4:55 p.m.•44 views

CVE-2012-4083

Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751.

4CVSS6.9AI score0.00685EPSS

CVE•added 2013/09/25 10:31 a.m.•44 views

CVE-2012-4086

A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790.

5.1CVSS8AI score0.00637EPSS

CVE•added 2013/09/27 8:55 p.m.•43 views

CVE-2012-1313

The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772.

6.5CVSS6.9AI score0.00134EPSS

CVE•added 2013/09/20 4:55 p.m.•43 views

CVE-2012-4072

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

4.3CVSS6.5AI score0.00181EPSS

CVE•added 2013/09/24 10:35 a.m.•43 views

CVE-2012-4078

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.

8.5CVSS6.7AI score0.00502EPSS

CVE•added 2013/09/24 10:35 a.m.•43 views

CVE-2012-4087

A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793.

5.1CVSS8AI score0.00514EPSS

CVE•added 2013/09/24 10:35 a.m.•43 views

CVE-2012-4094

Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198.

5.4CVSS7.1AI score0.00843EPSS

CVE•added 2013/09/24 10:35 a.m.•42 views

CVE-2012-4085

The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761.

5CVSS6.8AI score0.00363EPSS

CVE•added 2013/09/24 10:35 a.m.•41 views

CVE-2012-4089

MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239.

6.6CVSS7.4AI score0.00127EPSS

CVE•added 2013/09/20 4:55 p.m.•40 views

CVE-2012-4074

The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID ...

5.8CVSS6.1AI score0.00327EPSS

CVE•added 2013/09/20 4:55 p.m.•39 views

CVE-2012-4093

The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186.

4.6CVSS6.4AI score0.00121EPSS

CVE•added 2013/09/26 2:16 p.m.•38 views

CVE-2012-4088

The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769.

4.3CVSS6.9AI score0.00337EPSS

CVE•added 2013/09/20 6:55 p.m.•36 views

CVE-2012-4082

MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.

6.8CVSS6.7AI score0.00127EPSS