CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0113
https://notcve.org/view.php?id=CVE-2018-0113
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825. • http://www.securityfocus.com/bid/102966 http://www.securitytracker.com/id/1040337 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0094
https://notcve.org/view.php?id=CVE-2018-0094
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. • http://www.securityfocus.com/bid/102787 http://www.securitytracker.com/id/1040249 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs • CWE-400: Uncontrolled Resource Consumption CWE-693: Protection Mechanism Failure •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12349
https://notcve.org/view.php?id=CVE-2017-12349
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco UCS Central Software podría permitir que un atacante remoto lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de la interfaz web o que secuestre un ID de sesión válido de un usuario del software afectado. Cisco Bug IDs: CSCvf71978, CSCvf71986. • http://www.securityfocus.com/bid/102018 http://www.securitytracker.com/id/1039924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12348
https://notcve.org/view.php?id=CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco UCS Central Software podría permitir que un atacante remoto lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de la interfaz web o que secuestre un ID de sesión válido de un usuario del software afectado. Cisco Bug IDs: CSCvf71978, CSCvf71986. • http://www.securityfocus.com/bid/102018 http://www.securitytracker.com/id/1039924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12338
https://notcve.org/view.php?id=CVE-2017-12338
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker unauthorized access to read arbitrary files on the underlying local file system. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to read files from any VDC. • http://www.securitytracker.com/id/1039937 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6 • CWE-20: Improper Input Validation •