VYPR

Unified Computing System

by Cisco Systems, Inc.

CVEs (124)

  • CVE-2019-1627Jun 20, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is…

  • CVE-2019-1628Jun 20, 2019
    risk 0.00cvss epss 0.00

    A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds…

  • CVE-2019-1629Jun 20, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily…

  • CVE-2019-1630Jun 20, 2019
    risk 0.00cvss epss 0.00

    A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking…

  • CVE-2019-1880Jun 5, 2019
    risk 0.00cvss epss 0.00

    A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware…

  • CVE-2015-6415Dec 12, 2015
    risk 0.00cvss epss 0.02

    Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757.

  • CVE-2015-6355Nov 4, 2015
    risk 0.00cvss epss 0.02

    The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.

  • CVE-2015-4279Jul 20, 2015
    risk 0.00cvss epss 0.00

    The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.

  • CVE-2015-4259Jul 10, 2015
    risk 0.00cvss epss 0.01

    The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of…

  • CVE-2015-4183Jun 17, 2015
    risk 0.00cvss epss 0.01

    Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.

  • CVE-2015-0633Feb 26, 2015
    risk 0.00cvss epss 0.01

    The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.

  • CVE-2015-0599Feb 3, 2015
    risk 0.00cvss epss 0.01

    The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other…

  • CVE-2014-8009Dec 10, 2014
    risk 0.00cvss epss 0.01

    The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239.

  • CVE-2014-8003Dec 10, 2014
    risk 0.00cvss epss 0.00

    Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998.

  • CVE-2014-7996Nov 18, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

  • CVE-2014-7989Nov 7, 2014
    risk 0.00cvss epss 0.00

    Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.

  • CVE-2014-3348Sep 10, 2014
    risk 0.00cvss epss 0.03

    The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.

  • CVE-2013-5550Oct 22, 2013
    risk 0.00cvss epss 0.00

    The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549.

  • CVE-2012-4115Oct 21, 2013
    risk 0.00cvss epss 0.01

    The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server…

  • CVE-2012-4117Oct 19, 2013
    risk 0.00cvss epss 0.01

    The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033.

Page 4 of 7