Page 2 of 13 results (0.007 seconds)

CVSS: 10.0EPSS: 0%CPEs: 86EXPL: 1

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(5) en versiones anteriores a 2.2(5a) y 3.0 en versiones anteriores a 3.0(2e) permite a atacantes remotos ejecutar comandos shell arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCur90888. • http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm http://www.securitytracker.com/id/1034743 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.8EPSS: 0%CPEs: 41EXPL: 0

The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. Integrated Management Controller (IMC) en Cisco Unified Computing System (UCS) 1.4(7h) y anteriores en los servidores de la serie C permite a atacantes remotos evadir las restricciones de acceso mediante el envío de paquetes manipulados de respuestas DHCP en la red local, también conocido como Bug ID CSCuf52876. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633 http://tools.cisco.com/security/center/viewAlert.x?alertId=37575 http://www.securityfocus.com/bid/72760 http://www.securityfocus.com/bid/85711 http://www.securitytracker.com/id/1031796 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. El subsistema Management en Cisco Unified Computing System 2.1(3f) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur99239. Cisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and password hashes to the configured SYSLOG server every 12 hours. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009 http://tools.cisco.com/security/center/viewAlert.x?alertId=36640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Cisco Integrated Management Controller en Cisco Unified Computing System 2.2(2c)A y anteriores permite a usuarios locales obtener acceso de shell a través de un comando map-nfs manipulado, también conocido como Bug ID CSCup05998. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003 http://tools.cisco.com/security/center/viewAlert.x?alertId=36562 • CWE-20: Improper Input Validation •

CVSS: 7.6EPSS: 0%CPEs: 97EXPL: 0

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322. Desbordamiento de buffer en la implementación Smart Call Home en Cisco NX-OS on Fabric Interconnects en Cisco Unified Computing System 1.4 anterior a 1.4(1i), NX-OS 5.0 anterior a 5.0(3)U2(2) en dispositivos Nexus 3000, NX-OS 4.1 anterior a 4.1(2)E1(1l) en dispositivos Nexus 4000, NX-OS 5.x anterior a 5.1(3)N1(1) en dispositivos Nexus 5000, NX-OS 5.2 anterior a 5.2(3a) en dispositivos Nexus 7000 y CG-OS CG4 anterior a CG4(2) en Connected 1000 Connected Grid Routers permite a servidores SMTP remotos ejecutar código arbitrario a través de una respuesta manipulada, también conocido como Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405 y CSCuf61322. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •