Page 4 of 29 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. Una vulnerabilidad en la interfaz web del software Cisco Integrated Management Controller (IMC) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web malintencionada. • http://www.securityfocus.com/bid/97457 http://www.securitytracker.com/id/1038186 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. UCS Manager y UCS 6200 Fabric Interconnects en Cisco Unified Computing System (UCS) hasta la versión 3.0(2d) permiten a usuarios locales obtener acceso root del SO a través de una entrada CLI manipulada, vulnerabilidad también conocida como Bug ID CSCuz91263. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs http://www.securityfocus.com/bid/92956 http://www.securitytracker.com/id/1036831 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 65EXPL: 0

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS 4.0 hasta la versión 6.1 en dispositivos Nexus 1000V 3000, 4000, 5000, 6000 y 7000 y plataformas Unified Computing System (UCS) permite a atancantes remotos causar una denegación de servicio (recarga de pila TCP) mediante el envío de paquetes TCP manipulados a un dispositivo que tenga una sesión TIME_WAIT TCP, también conocido como Bug ID CSCub70579. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack http://www.securitytracker.com/id/1035159 http://www.securitytracker.com/id/1035160 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 86EXPL: 1

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(5) en versiones anteriores a 2.2(5a) y 3.0 en versiones anteriores a 3.0(2e) permite a atacantes remotos ejecutar comandos shell arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCur90888. • http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm http://www.securitytracker.com/id/1034743 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. Cisco Unified Computing System (UCS) 2.2(3f)A en dispositivos Fabric Interconnect 6200 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o interrupción de dispositivo) a través de una inundación SYN en el puerto SSH durante el proceso de arranque, también conocido como Bug ID CSCuu81757. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs http://www.securityfocus.com/bid/85711 http://www.securitytracker.com/id/1034381 • CWE-399: Resource Management Errors •