CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-34736 – Cisco Integrated Management Controller GUI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34736
21 Oct 2021 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resu... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2019-1880 – Cisco Unified Computing System BIOS Signature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1880
05 Jun 2019 — A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and in... • http://www.securityfocus.com/bid/108680 • CWE-345: Insufficient Verification of Data Authenticity •