Unified Computing System Security Vulnerabilities and Issues — Unified Computing System CVE List

Lucene search

CiscoUnified Computing System

23 matches found

CVE•added 2019/06/20 3:15 a.m.•215 views

CVE-2019-1879

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could explo...

7.2CVSS6.8AI score0.00057EPSS

CVE•added 2024/10/02 5:15 p.m.•71 views

CVE-2024-20365

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerabi...

7.2CVSS7AI score0.0028EPSS

CVE•added 2019/08/21 7:15 p.m.•54 views

CVE-2019-1900

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-...

7.8CVSS7.5AI score0.00268EPSS

CVE•added 2019/08/30 9:15 a.m.•53 views

CVE-2019-1966

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand op...

7.8CVSS8.1AI score0.00232EPSS

CVE•added 2021/10/21 3:15 a.m.•50 views

CVE-2021-34736

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-ba...

7.5CVSS6.3AI score0.00157EPSS

CVE•added 2018/06/07 9:29 p.m.•46 views

CVE-2018-0338

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation ch...

7.8CVSS7.8AI score0.00097EPSS

CVE•added 2017/11/30 9:29 a.m.•45 views

CVE-2017-12331

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this...

7.2CVSS6.3AI score0.00035EPSS

CVE•added 2017/04/07 5:59 p.m.•45 views

CVE-2017-6598

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege ...

7.2CVSS6.7AI score0.00024EPSS

CVE•added 2017/04/07 5:59 p.m.•45 views

CVE-2017-6600

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 C...

7.8CVSS7.6AI score0.00366EPSS

CVE•added 2016/03/03 10:59 p.m.•44 views

CVE-2015-0718

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579...

7.8CVSS7.4AI score0.05955EPSS

CVE•added 2017/04/07 5:59 p.m.•44 views

CVE-2017-6601

7.1CVSS6.9AI score0.00278EPSS

CVE•added 2017/05/22 1:29 a.m.•44 views

CVE-2017-6633

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploi...

7.5CVSS7.5AI score0.0075EPSS

CVE•added 2017/09/21 5:29 a.m.•43 views

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerabil...

7.2CVSS6.7AI score0.00062EPSS

CVE•added 2017/11/30 9:29 a.m.•43 views

CVE-2017-12334

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command argument...

7.2CVSS6.9AI score0.00106EPSS

CVE•added 2017/11/30 9:29 a.m.•43 views

CVE-2017-12341

7.2CVSS6.9AI score0.00258EPSS

CVE•added 2019/08/21 7:15 p.m.•43 views

CVE-2019-1883

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of ...

7.8CVSS7.4AI score0.00144EPSS

CVE•added 2017/04/07 5:59 p.m.•41 views

CVE-2017-6597

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Inform...

7.8CVSS7.6AI score0.00366EPSS

CVE•added 2016/09/18 10:59 p.m.•40 views

CVE-2016-6402

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

7.8CVSS7.4AI score0.00083EPSS

CVE•added 2015/06/17 10:59 a.m.•39 views

CVE-2015-4183

Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.

7.2CVSS7AI score0.00143EPSS

CVE•added 2019/08/21 7:15 p.m.•38 views

CVE-2019-1908

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the ...

7.5CVSS7.4AI score0.01041EPSS

CVE•added 2015/12/12 4:59 p.m.•37 views

CVE-2015-6415

Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757.

7.1CVSS7AI score0.00563EPSS

CVE•added 2014/12/10 9:59 p.m.•36 views

CVE-2014-8003

Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998.

7.2CVSS6.3AI score0.00073EPSS

CVE•added 2015/07/20 11:59 p.m.•36 views

CVE-2015-4279

The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.

7.2CVSS7.2AI score0.00302EPSS