VYPR

Integrated Management Controller Software

by Cisco Systems, Inc.

CVEs (14)

  • CVE-2020-3470CriNov 18, 2020
    risk 0.64cvss 9.8epss 0.05

    Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input.…

  • CVE-2019-1907HigAug 21, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations…

  • CVE-2019-1865HigAug 21, 2019
    risk 0.57cvss 8.8epss 0.04

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to…

  • CVE-2019-1864HigAug 21, 2019
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to…

  • CVE-2019-1863HigAug 21, 2019
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization…

  • CVE-2019-1883HigAug 21, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to…

  • CVE-2019-1908HigAug 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security…

  • CVE-2019-1900HigAug 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient…

  • CVE-2019-1896HigAug 21, 2019
    risk 0.47cvss 7.2epss 0.02

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input…

  • CVE-2019-1885HigAug 21, 2019
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2019-1850HigAug 21, 2019
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have…

  • CVE-2020-3371MedNov 6, 2020
    risk 0.41cvss 6.3epss 0.02

    A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input…

  • CVE-2021-34736MedOct 21, 2021
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input…

  • CVE-2021-1397MedMay 6, 2021
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in…