CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0430 – Cisco Integrated Management Controller Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-0430
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. Una vulnerabilidad en la interfaz de gestión web de Cisco Integrated Management Controller (IMC) Software podría permitir que un atacante remoto no autenticado inyecte y ejecute comandos arbitrarios con privilegios root en un dispositivo afectado. • http://www.securitytracker.com/id/1041686 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cimc-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 65EXPL: 0CVE-2015-0718
https://notcve.org/view.php?id=CVE-2015-0718
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS 4.0 hasta la versión 6.1 en dispositivos Nexus 1000V 3000, 4000, 5000, 6000 y 7000 y plataformas Unified Computing System (UCS) permite a atancantes remotos causar una denegación de servicio (recarga de pila TCP) mediante el envío de paquetes TCP manipulados a un dispositivo que tenga una sesión TIME_WAIT TCP, también conocido como Bug ID CSCub70579. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack http://www.securitytracker.com/id/1035159 http://www.securitytracker.com/id/1035160 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 86EXPL: 1CVE-2015-6435 – Cisco UCS Manager 2.2(1d) Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-6435
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(5) en versiones anteriores a 2.2(5a) y 3.0 en versiones anteriores a 3.0(2e) permite a atacantes remotos ejecutar comandos shell arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCur90888. • http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm http://www.securitytracker.com/id/1034743 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8003
https://notcve.org/view.php?id=CVE-2014-8003
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Cisco Integrated Management Controller en Cisco Unified Computing System 2.2(2c)A y anteriores permite a usuarios locales obtener acceso de shell a través de un comando map-nfs manipulado, también conocido como Bug ID CSCup05998. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003 http://tools.cisco.com/security/center/viewAlert.x?alertId=36562 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8009 – Cisco UCSM 2.2 Username / Password Disclosure
https://notcve.org/view.php?id=CVE-2014-8009
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. El subsistema Management en Cisco Unified Computing System 2.1(3f) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur99239. Cisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and password hashes to the configured SYSLOG server every 12 hours. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009 http://tools.cisco.com/security/center/viewAlert.x?alertId=36640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •