CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-34736 – Cisco Integrated Management Controller GUI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34736
21 Oct 2021 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resu... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1592 – Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1592
25 Aug 2021 — A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software proce... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy • CWE-664: Improper Control of a Resource Through its Lifetime CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2021-1590 – Cisco NX-OS Software system login block-for Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1590
25 Aug 2021 — A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 1%CPEs: 470EXPL: 0CVE-2021-1387 – Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1387
24 Feb 2021 — A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of avai... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 108EXPL: 0CVE-2021-1368 – Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1368
24 Feb 2021 — A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-1966 – Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1966
29 Aug 2019 — A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-1907 – Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1907
21 Aug 2019 — A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain admin... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-1908 – Cisco Integrated Management Controller Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1908
21 Aug 2019 — A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. Una vulnerabi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2019-1883 – Cisco Integrated Management Controller CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1883
21 Aug 2019 — A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the aff... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2019-1885 – Cisco Integrated Management Controller Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1885
21 Aug 2019 — A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the atta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •