CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4259
https://notcve.org/view.php?id=CVE-2015-4259
10 Jul 2015 — The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. El Controlador Integrado de Gestión en Cisco Unified Computing System (UCS) C Servers con la versión de software 1.5 (3) y 1.6 (0.16) posee un certificado SSL por defecto que fac... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39803 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4183
https://notcve.org/view.php?id=CVE-2015-4183
17 Jun 2015 — Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. Cisco UCS Central Software 1.2(1a) permite a usuarios locales ganar privilegios para la ejecución de comandos del sistema operativo a través de un parámetro CLI manipulado, también conocido como Bug ID CSCut32795. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39324 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2015-0701
https://notcve.org/view.php?id=CVE-2015-0701
07 May 2015 — Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. Cisco UCS Central Software en versiones anteriores a 1.3(1a) permite a atacantes remotos ejecutar comandos arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCut46961. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2015-0633
https://notcve.org/view.php?id=CVE-2015-0633
26 Feb 2015 — The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. Integrated Management Controller (IMC) en Cisco Unified Computing System (UCS) 1.4(7h) y anteriores en los servidores de la serie C permite a atacantes remotos evadir las restricciones de acceso mediante el envío de paquetes manipulados de ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0599
https://notcve.org/view.php?id=CVE-2015-0599
03 Feb 2015 — The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. La interfaz web en Cisco Integrated Management Controller en Cisco Unified Computing System (UCS) en servidores Rack de la serie C no ... • http://secunia.com/advisories/62762 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8003
https://notcve.org/view.php?id=CVE-2014-8003
10 Dec 2014 — Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Cisco Integrated Management Controller en Cisco Unified Computing System 2.2(2c)A y anteriores permite a usuarios locales obtener acceso de shell a través de un comando map-nfs manipulado, también conocido como Bug ID CSCup05998. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-8009 – Cisco UCSM 2.2 Username / Password Disclosure
https://notcve.org/view.php?id=CVE-2014-8009
10 Dec 2014 — The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. El subsistema Management en Cisco Unified Computing System 2.1(3f) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur99239. Cisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and passw... • https://packetstorm.news/files/id/130971 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7996
https://notcve.org/view.php?id=CVE-2014-7996
18 Nov 2014 — Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. Vulnerabilidad de CSRF en Cisco Integrated Management Controller en Cisco Unified Computing System, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuq45477. • http://secunia.com/advisories/62565 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-3348
https://notcve.org/view.php?id=CVE-2014-3348
10 Sep 2014 — The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. El módulo SSH en Integrated Management Controller (IMC) anterior a 2.3.1 en Cisco Unified Computing System en los servidores Blade de la serie E permite a atacantes remotos causar una denegación de servicio (cuelgue de IMC) a través de un paquete SSH manipulado, ta... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 97EXPL: 0CVE-2014-3261
https://notcve.org/view.php?id=CVE-2014-3261
24 May 2014 — Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •