Page 14 of 150 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Una vulnerabilidad en la funcionalidad de complemento de depuración del Unified Computing System de Cisco (UCS), Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante local autenticado ejecutar comandos arbitrarios, También conocido como Privilege Escalation. • http://www.securityfocus.com/bid/97429 http://www.securitytracker.com/id/1038198 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). Una vulnerabilidad en el comando local-mgmt de la CLI del Administrador del Unified Computing System de Cisco (UCS), el cortafuegos de próxima generación Cisco Firepower 4100 (NGFW) y el dispositivo de seguridad Cisco Firepower 9300 podrían permitir a un atacante local autenticado realizar una inyección de comandos ataque. • http://www.securityfocus.com/bid/97476 http://www.securitytracker.com/id/1038195 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permiti a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97472 http://www.securitytracker.com/id/1038197 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97439 http://www.securitytracker.com/id/1038199 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. Una vulnerabilidad en la interfaz web del software Cisco Integrated Management Controller (IMC) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web malintencionada. • http://www.securityfocus.com/bid/97457 http://www.securitytracker.com/id/1038186 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •