CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-34736 – Cisco Integrated Management Controller GUI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34736
21 Oct 2021 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resu... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 29EXPL: 0CVE-2020-3470 – Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3470
18 Nov 2020 — Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6633
https://notcve.org/view.php?id=CVE-2017-6633
22 May 2017 — A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting n... • http://www.securityfocus.com/bid/98525 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •