CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1725 – Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1725
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI commands. The vulnerability is due to lack of proper input validation of user input for local management CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted form of a limited subset of local management CLI commands. An exploit could allow the attacker to overwrite an arbitrary files on disk or inject CLI command parameters that should have been disabled. • http://www.securityfocus.com/bid/108082 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucs-cli-inj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0094
https://notcve.org/view.php?id=CVE-2018-0094
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. • http://www.securityfocus.com/bid/102787 http://www.securitytracker.com/id/1040249 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs • CWE-400: Uncontrolled Resource Consumption CWE-693: Protection Mechanism Failure •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1401
https://notcve.org/view.php?id=CVE-2016-1401
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. Vulnerabilidad de XSS en la interfaz de administración en Cisco Unified Computing System (UCS) Central Software 1.4(1a) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCuy91250. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs http://www.securitytracker.com/id/1035933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 65EXPL: 0CVE-2015-0718
https://notcve.org/view.php?id=CVE-2015-0718
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS 4.0 hasta la versión 6.1 en dispositivos Nexus 1000V 3000, 4000, 5000, 6000 y 7000 y plataformas Unified Computing System (UCS) permite a atancantes remotos causar una denegación de servicio (recarga de pila TCP) mediante el envío de paquetes TCP manipulados a un dispositivo que tenga una sesión TIME_WAIT TCP, también conocido como Bug ID CSCub70579. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack http://www.securitytracker.com/id/1035159 http://www.securitytracker.com/id/1035160 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 86EXPL: 1CVE-2015-6435 – Cisco UCS Manager 2.2(1d) Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-6435
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(5) en versiones anteriores a 2.2(5a) y 3.0 en versiones anteriores a 3.0(2e) permite a atacantes remotos ejecutar comandos shell arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCur90888. • http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm http://www.securitytracker.com/id/1034743 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •