CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1354 – Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1354
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. Una vulnerabilidad en el proceso de registro de certificados del Software Cisco Unified Computing System (UCS) Central, podría permitir a un atacante adyacente autenticado registrar un Cisco Unified Computing System Manager (UCSM) malicioso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1352
https://notcve.org/view.php?id=CVE-2016-1352
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. Cisco Unified Computing System (UCS) Central Software 1.3(1b) y versiones anteriores permite a atacantes remotos ejecutar comandos del SO arbitrarios a través de una petición HTTP manipulada, también conocida como Bug ID CSCuv33856. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs http://www.securitytracker.com/id/1035565 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6387
https://notcve.org/view.php?id=CVE-2015-6387
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. Vulnerabilidad de XSS en Cisco Unified Computing System (UCS) Central Software 1.3 (0.1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado en una URL, también conocida como Bug ID CSCux33573. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs http://www.securitytracker.com/id/1034275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6388
https://notcve.org/view.php?id=CVE-2015-6388
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. Cisco Unified Computing System (UCS) Central software 1.3 (0.1) permite a atacantes remotos llevar a cabo ataques Server-Side Request Forgery (SSRF) a través de una petición manipulada, también conocida como Bug ID CSCux33575. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1 http://www.securityfocus.com/bid/78870 http://www.securitytracker.com/id/1034380 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4286
https://notcve.org/view.php?id=CVE-2015-4286
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Vulnerabilidad en el framework web en Cisco UCS Central Software 1.3(0.99), permite a atacantes remotos leer archivos arbitrarios a través de una petición HTTP manipulada, también conocida como Cisco UCS Central Software 1.3(0.99) • http://tools.cisco.com/security/center/viewAlert.x?alertId=40151 http://www.securitytracker.com/id/1033112 • CWE-20: Improper Input Validation •