CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1630 – Cisco Integrated Management Controller Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1630
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system. Una vulnerabilidad en el programa de comprobación de firmas del firmware de Integrated Management Controller (IMC) de Cisco, podría permitir a un atacante local autenticado causar un desbordamiento del búfer, resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/108846 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-frmwr-dos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15447 – Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-15447
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. Una vulnerabilidad en el código del framework web de Cisco Integrated Management Controller (IMC) Supervisor podría permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. Esta vulnerabilidad se debe a la falta de validación adecuada de los valores de entrada proporcionados por el usuario en consultas SQL. • http://www.securityfocus.com/bid/105855 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cimc-sql-inject • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15404 – Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15404
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition. Una vulnerabilidad en la interfaz web de Cisco Integrated Management Controller (IMC) Supervisor y Cisco UCS Director podría permitir que un atacante remoto autenticado provoque una denegación de servicio (DoS) en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0149
https://notcve.org/view.php?id=CVE-2018-0149
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994. • http://www.securityfocus.com/bid/104444 http://www.securitytracker.com/id/1041072 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6619
https://notcve.org/view.php?id=CVE-2017-6619
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591. • http://www.securityfocus.com/bid/97925 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc • CWE-20: Improper Input Validation •