Page 2 of 12 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 86EXPL: 1

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(5) en versiones anteriores a 2.2(5a) y 3.0 en versiones anteriores a 3.0(2e) permite a atacantes remotos ejecutar comandos shell arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCur90888. • http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm http://www.securitytracker.com/id/1034743 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. El subsistema Management en Cisco Unified Computing System 2.1(3f) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur99239. Cisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and password hashes to the configured SYSLOG server every 12 hours. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009 http://tools.cisco.com/security/center/viewAlert.x?alertId=36640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Cisco Integrated Management Controller en Cisco Unified Computing System 2.2(2c)A y anteriores permite a usuarios locales obtener acceso de shell a través de un comando map-nfs manipulado, también conocido como Bug ID CSCup05998. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003 http://tools.cisco.com/security/center/viewAlert.x?alertId=36562 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 41EXPL: 0

The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. La interfaz web en el componente Manager de Cisco Unified Computing System (UCS) v1.x y v2.x antes v2.0(2m) permite a atacantes remotos obtener información sensible mediante la lectura de un (1) archivo de paquete de soporte técnico o (2) el Respaldar la configuración del equipo, también conocido como Bug ID CSCtq86543. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.3EPSS: 0%CPEs: 319EXPL: 0

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. Múltiples desbordamientos de búfer en la implementación Cisco Discovery Protocol (CDP) de Cisco NX-OS en dispositivos Nexus 7000 y v4.x v5.x antes v5.2(4) y v6.x antes de v6.1(1), Nexus 5000 y 5500 v4.x v5.x antes de v5.1(3)N1(1), Nexus 4000 antes de v4.1(2)E1(1h), Nexus 3000 v5.x antes de v5.0(3)U3(1), Nexus 1000V v4.x antes de v4.2(1)SV1(5.1), MDS 9000 v4.x y v5.x antes v5.2(4), Unified Computing System (UCS) 6100 y 6200 antes v2.0(2m), y el Router conexión a la red (CGR) 1000 dispositivos antes CG4 (1) permite a atacantes remotos ejecutar código arbitrario a través de paquetes CDP malformados, también conocido como Bug ID CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544 y CSCuf61275. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •