4 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Integrated Management Controller (IMC) Software podría permitir a un atacante remoto no autenticado causar el reinicio inesperado de la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh • CWE-20: Improper Input Validation •

CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device. Una vulnerabilidad en la utilidad de actualización del BIOS de rack servidores Unified Computing System (UCS) C-Series de Cisco, podría permitir a un atacante local autorizado instalar el firmware del BIOS comprometido en un dispositivo afectado. • http://www.securityfocus.com/bid/108680 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544. • http://www.securityfocus.com/bid/98525 http://www.securitytracker.com/id/1038513 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 0%CPEs: 41EXPL: 0

The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. Integrated Management Controller (IMC) en Cisco Unified Computing System (UCS) 1.4(7h) y anteriores en los servidores de la serie C permite a atacantes remotos evadir las restricciones de acceso mediante el envío de paquetes manipulados de respuestas DHCP en la red local, también conocido como Bug ID CSCuf52876. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633 http://tools.cisco.com/security/center/viewAlert.x?alertId=37575 http://www.securityfocus.com/bid/72760 http://www.securityfocus.com/bid/85711 http://www.securitytracker.com/id/1031796 • CWE-20: Improper Input Validation •