Unified Computing System Security Vulnerabilities and Issues — Unified Computing System CVE List

Lucene search

CiscoUnified Computing System

21 matches found

CVE•added 2019/06/20 3:15 a.m.•218 views

CVE-2019-1628

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could...

5.5CVSS5.5AI score0.00173EPSS

CVE•added 2019/06/20 3:15 a.m.•215 views

CVE-2019-1879

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could explo...

7.2CVSS6.8AI score0.00057EPSS

CVE•added 2019/06/20 3:15 a.m.•214 views

CVE-2019-1631

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could ...

5.3CVSS5.2AI score0.00879EPSS

CVE•added 2019/06/20 3:15 a.m.•205 views

CVE-2019-1630

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer....

5.5CVSS5.5AI score0.00083EPSS

CVE•added 2019/06/20 3:15 a.m.•204 views

CVE-2019-1632

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSR...

8CVSS6AI score0.00076EPSS

CVE•added 2019/06/20 3:15 a.m.•187 views

CVE-2019-1627

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...

6.5CVSS6.4AI score0.00155EPSS

CVE•added 2019/06/20 3:15 a.m.•186 views

CVE-2019-1629

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

5.3CVSS5.5AI score0.00375EPSS

CVE•added 2019/08/21 7:15 p.m.•72 views

CVE-2019-1885

A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by th...

9CVSS7.2AI score0.01009EPSS

CVE•added 2019/08/21 7:15 p.m.•54 views

CVE-2019-1896

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate ...

9CVSS7.3AI score0.00817EPSS

CVE•added 2019/08/21 7:15 p.m.•54 views

CVE-2019-1900

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-...

7.8CVSS7.5AI score0.00268EPSS

CVE•added 2019/08/30 9:15 a.m.•53 views

CVE-2019-1966

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand op...

7.8CVSS8.1AI score0.00232EPSS

CVE•added 2019/08/21 7:15 p.m.•49 views

CVE-2019-1907

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by ...

8.8CVSS8.8AI score0.00157EPSS

CVE•added 2019/04/18 1:29 a.m.•45 views

CVE-2019-1725

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allow...

5.5CVSS5.5AI score0.0007EPSS

CVE•added 2019/08/21 7:15 p.m.•44 views

CVE-2019-1634

A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due...

9CVSS7.2AI score0.01608EPSS

CVE•added 2019/08/21 7:15 p.m.•43 views

CVE-2019-1871

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is ...

9CVSS7.5AI score0.01525EPSS

CVE•added 2019/08/21 7:15 p.m.•43 views

CVE-2019-1883

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of ...

7.8CVSS7.4AI score0.00144EPSS

CVE•added 2019/08/21 7:15 p.m.•40 views

CVE-2019-1863

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker coul...

9CVSS6.9AI score0.00075EPSS

CVE•added 2019/08/21 7:15 p.m.•40 views

CVE-2019-1865

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

9CVSS8.8AI score0.01467EPSS

CVE•added 2019/08/21 7:15 p.m.•38 views

CVE-2019-1864

9CVSS9AI score0.01467EPSS

CVE•added 2019/08/21 7:15 p.m.•38 views

CVE-2019-1908

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the ...

7.5CVSS7.4AI score0.01041EPSS

CVE•added 2019/08/21 7:15 p.m.•36 views

CVE-2019-1850

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator ...

9CVSS7.1AI score0.01288EPSS