3 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. Una vulnerabilidad en el proceso de registro de certificados del Software Cisco Unified Computing System (UCS) Central, podría permitir a un atacante adyacente autenticado registrar un Cisco Unified Computing System Manager (UCSM) malicioso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH • CWE-295: Improper Certificate Validation •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. Cisco UCS Central Software en versiones anteriores a 1.3(1a) permite a atacantes remotos ejecutar comandos arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCut46961. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc http://www.securityfocus.com/bid/74491 http://www.securitytracker.com/id/1032267 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. Unified Computing System (UCS) Central Software 1.1 y anteriores permite a usuarios locales ganar privilegios a través de un comando copy de CLI en un contexto local-mgmt, también conocido como Bug ID CSCul53128. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0730 http://tools.cisco.com/security/center/viewAlert.x?alertId=32910 • CWE-20: Improper Input Validation •