CVE-2018-0094
https://notcve.org/view.php?id=CVE-2018-0094
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. • http://www.securityfocus.com/bid/102787 http://www.securitytracker.com/id/1040249 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs • CWE-400: Uncontrolled Resource Consumption CWE-693: Protection Mechanism Failure •
CVE-2017-12349
https://notcve.org/view.php?id=CVE-2017-12349
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco UCS Central Software podría permitir que un atacante remoto lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de la interfaz web o que secuestre un ID de sesión válido de un usuario del software afectado. Cisco Bug IDs: CSCvf71978, CSCvf71986. • http://www.securityfocus.com/bid/102018 http://www.securitytracker.com/id/1039924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12329
https://notcve.org/view.php?id=CVE-2017-12329
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. • http://www.securityfocus.com/bid/102015 http://www.securitytracker.com/id/1039928 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2017-12348
https://notcve.org/view.php?id=CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco UCS Central Software podría permitir que un atacante remoto lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de la interfaz web o que secuestre un ID de sesión válido de un usuario del software afectado. Cisco Bug IDs: CSCvf71978, CSCvf71986. • http://www.securityfocus.com/bid/102018 http://www.securitytracker.com/id/1039924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12336
https://notcve.org/view.php?id=CVE-2017-12336
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. • http://www.securityfocus.com/bid/102168 http://www.securitytracker.com/id/1039936 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5 • CWE-20: Improper Input Validation •