CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15404 – Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15404
05 Oct 2018 — A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web inte... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.4EPSS: 1%CPEs: 11EXPL: 0CVE-2015-6259
https://notcve.org/view.php?id=CVE-2015-6259
04 Sep 2015 — The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vulnerabilidad en el componente JavaServer Pages (JSP) en Cisco Integrated Management Controller (IMC) Supervisor en versiones anteriores a 1.0.0.1 y UCS Director (anteriormente Cloupia Unified Infr... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-3348
https://notcve.org/view.php?id=CVE-2014-3348
10 Sep 2014 — The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. El módulo SSH en Integrated Management Controller (IMC) anterior a 2.3.1 en Cisco Unified Computing System en los servidores Blade de la serie E permite a atacantes remotos causar una denegación de servicio (cuelgue de IMC) a través de un paquete SSH manipulado, ta... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-1182
https://notcve.org/view.php?id=CVE-2013-1182
25 Apr 2013 — The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207. La página de inicio de sesión en la consola Web en el componente Administrador de Cisco Unified Computing System (UCS), antes de v1.0(2h) v1.1 antes de v1.1(1j), y v1.3(x), permite a atacantes remotos evitar la autenticación LDAP a través de una solicitud mal form... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-1184
https://notcve.org/view.php?id=CVE-2013-1184
25 Apr 2013 — The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206. El API de gestión en el servicio de gestión de API XML en el componente Manager de Cisco Unified Computing System (UCS) v1.x antes v1.2 (1b), permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de una solicit... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 41EXPL: 0CVE-2013-1185
https://notcve.org/view.php?id=CVE-2013-1185
25 Apr 2013 — The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. La interfaz web en el componente Manager de Cisco Unified Computing System (UCS) v1.x y v2.x antes v2.0(2m) permite a atacantes remotos obtener información sensible mediante la lectura de un (1) archivo de paquete de soporte técnico o (2... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1186
https://notcve.org/view.php?id=CVE-2013-1186
25 Apr 2013 — Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746. Cisco Unified Computing System (UCS) v1.x antes v1.4(4) y v2.x antes v2.0 (2m), permite a atacantes remotos evitar la autenticación de KVM a través de una solicitud de autenticación diseñada a una gestión integrada de Cisco Controller (IMC), también conocido como Bug ID... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti • CWE-287: Improper Authentication •