
CVSS: 6.3 EPSS: 0% CPEs: 38 EXPL: 0

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsc-bkpsky-TgJ5f73J
• CWE-321: Use of Hard-coded Cryptographic Key
• CWE-798: Use of Hard-coded Credentials

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 0

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH
• CWE-295: Improper Certificate Validation

CVSS: 10.0 EPSS: 0% CPEs: 6 EXPL: 0

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
• http://www.securityfocus.com/bid/74491
• http://www.securitytracker.com/id/1032267
• CWE-20: Improper Input Validation

CVSS: 6.8 EPSS: 0% CPEs: 2 EXPL: 0

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.

• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0730
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32910
• CWE-20: Improper Input Validation