CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1630 – Cisco Integrated Management Controller Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1630
20 Jun 2019 — A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system. Una vulnerabilidad en el programa... • http://www.securityfocus.com/bid/108846 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-15447 – Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-15447
08 Nov 2018 — A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. Una vulnerabilidad en el código del framework web de Cisco Integrated Management Controller (IMC) ... • http://www.securityfocus.com/bid/105855 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15404 – Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15404
05 Oct 2018 — A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web inte... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0149
https://notcve.org/view.php?id=CVE-2018-0149
07 Jun 2018 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attac... • http://www.securityfocus.com/bid/104444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2017-6616
https://notcve.org/view.php?id=CVE-2017-6616
20 Apr 2017 — A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute a... • http://www.securityfocus.com/bid/97928 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6617
https://notcve.org/view.php?id=CVE-2017-6617
20 Apr 2017 — A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to th... • http://www.securityfocus.com/bid/97929 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6618
https://notcve.org/view.php?id=CVE-2017-6618
20 Apr 2017 — A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code ... • http://www.securityfocus.com/bid/97927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6619
https://notcve.org/view.php?id=CVE-2017-6619
20 Apr 2017 — A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute ar... • http://www.securityfocus.com/bid/97925 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6399
https://notcve.org/view.php?id=CVE-2015-6399
15 Dec 2015 — The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. El Supervisor 1.0.0.0 y 1.0.0.1 en Cisco Integrated Management Controller (IMC) en versiones anteriores a 2.0(9) permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de interfaz IP) a través de parámetros manipulados en una petic... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc • CWE-399: Resource Management Errors •
CVSS: 9.4EPSS: 1%CPEs: 11EXPL: 0CVE-2015-6259
https://notcve.org/view.php?id=CVE-2015-6259
04 Sep 2015 — The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vulnerabilidad en el componente JavaServer Pages (JSP) en Cisco Integrated Management Controller (IMC) Supervisor en versiones anteriores a 1.0.0.1 y UCS Director (anteriormente Cloupia Unified Infr... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs • CWE-20: Improper Input Validation •