CVE-2014-8009 – Cisco UCSM 2.2 Username / Password Disclosure
https://notcve.org/view.php?id=CVE-2014-8009
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. El subsistema Management en Cisco Unified Computing System 2.1(3f) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur99239. Cisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and password hashes to the configured SYSLOG server every 12 hours. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009 http://tools.cisco.com/security/center/viewAlert.x?alertId=36640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8003
https://notcve.org/view.php?id=CVE-2014-8003
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Cisco Integrated Management Controller en Cisco Unified Computing System 2.2(2c)A y anteriores permite a usuarios locales obtener acceso de shell a través de un comando map-nfs manipulado, también conocido como Bug ID CSCup05998. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003 http://tools.cisco.com/security/center/viewAlert.x?alertId=36562 • CWE-20: Improper Input Validation •
CVE-2012-4078
https://notcve.org/view.php?id=CVE-2012-4078
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. El Baseboard Management Controller (BMC) en Cisco Unified Computing System (UCS) no maneja correctamente secuencias de escape SSH, lo cual permite a usuarios autenticados remotamente saltarse un paso no especificado de autentificación a través del reenvío de puertos SSH, aka Bug ID CSCtg17656. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4078 http://www.securitytracker.com/id/1029084 https://exchange.xforce.ibmcloud.com/vulnerabilities/87367 • CWE-287: Improper Authentication •
CVE-2012-4081
https://notcve.org/view.php?id=CVE-2012-4081
MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734. MCServer en Cisco Management Controller de Cisco Unified Computing System (UCS) permite a usuarios locales causar una denegación de servicio (cuelgue de aplicación) a través de parámetros inválidos de MCTools, tambien conocido como Bug ID CSCtg20734. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4081 http://www.securitytracker.com/id/1029065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1183
https://notcve.org/view.php?id=CVE-2013-1183
Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371. Desbordamiento de búfer en el Intelligent Platform Management Interface (IPMI) funcionalidad en el componente Administrador de Cisco Unified Computing System (UCS), v1.0 y v1.1 antes de v1.1(1j) y v1.2 antes de v1.2(1b), permite a atacantes remotos ejecutar código arbitrario a través de los datos con formato incorrecto en un paquete UDP, también conocido como Bug ID CSCtd32371. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •