CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1354 – Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1354
04 Feb 2021 — A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Soft... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-0113
https://notcve.org/view.php?id=CVE-2018-0113
08 Feb 2018 — A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825. • http://www.securityfocus.com/bid/102966 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-0094
https://notcve.org/view.php?id=CVE-2018-0094
18 Jan 2018 — A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and ... • http://www.securityfocus.com/bid/102787 • CWE-400: Uncontrolled Resource Consumption CWE-693: Protection Mechanism Failure •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1401
https://notcve.org/view.php?id=CVE-2016-1401
21 May 2016 — Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. Vulnerabilidad de XSS en la interfaz de administración en Cisco Unified Computing System (UCS) Central Software 1.4(1a) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCuy9... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1352
https://notcve.org/view.php?id=CVE-2016-1352
14 Apr 2016 — Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. Cisco Unified Computing System (UCS) Central Software 1.3(1b) y versiones anteriores permite a atacantes remotos ejecutar comandos del SO arbitrarios a través de una petición HTTP manipulada, también conocida como Bug ID CSCuv33856. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6387
https://notcve.org/view.php?id=CVE-2015-6387
05 Dec 2015 — Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. Vulnerabilidad de XSS en Cisco Unified Computing System (UCS) Central Software 1.3 (0.1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado en una URL, también conocida como Bug ID CSCux33573. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6388
https://notcve.org/view.php?id=CVE-2015-6388
05 Dec 2015 — Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. Cisco Unified Computing System (UCS) Central software 1.3 (0.1) permite a atacantes remotos llevar a cabo ataques Server-Side Request Forgery (SSRF) a través de una petición manipulada, también conocida como Bug ID CSCux33575. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4286
https://notcve.org/view.php?id=CVE-2015-4286
29 Jul 2015 — The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Vulnerabilidad en el framework web en Cisco UCS Central Software 1.3(0.99), permite a atacantes remotos leer archivos arbitrarios a través de una petición HTTP manipulada, también conocida como Cisco UCS Central Software 1.3(0.99) • http://tools.cisco.com/security/center/viewAlert.x?alertId=40151 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2015-0701
https://notcve.org/view.php?id=CVE-2015-0701
07 May 2015 — Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. Cisco UCS Central Software en versiones anteriores a 1.3(1a) permite a atacantes remotos ejecutar comandos arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCut46961. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0730
https://notcve.org/view.php?id=CVE-2014-0730
22 Feb 2014 — Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. Unified Computing System (UCS) Central Software 1.1 y anteriores permite a usuarios locales ganar privilegios a través de un comando copy de CLI en un contexto local-mgmt, también conocido como Bug ID CSCul53128. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0730 • CWE-20: Improper Input Validation •