CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1354 – Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1354
04 Feb 2021 — A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Soft... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0701
https://notcve.org/view.php?id=CVE-2015-0701
07 May 2015 — Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. Cisco UCS Central Software en versiones anteriores a 1.3(1a) permite a atacantes remotos ejecutar comandos arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCut46961. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc • CWE-20: Improper Input Validation •