CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-34736 – Cisco Integrated Management Controller GUI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34736
21 Oct 2021 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resu... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2019-1880 – Cisco Unified Computing System BIOS Signature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1880
05 Jun 2019 — A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and in... • http://www.securityfocus.com/bid/108680 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6633
https://notcve.org/view.php?id=CVE-2017-6633
22 May 2017 — A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting n... • http://www.securityfocus.com/bid/98525 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2015-0633
https://notcve.org/view.php?id=CVE-2015-0633
26 Feb 2015 — The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. Integrated Management Controller (IMC) en Cisco Unified Computing System (UCS) 1.4(7h) y anteriores en los servidores de la serie C permite a atacantes remotos evadir las restricciones de acceso mediante el envío de paquetes manipulados de ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633 • CWE-20: Improper Input Validation •