VYPR

Unified Computing System

by Cisco Systems, Inc.

CVEs (124)

  • CVE-2012-4088Sep 26, 2013
    risk 0.00cvss epss 0.01

    The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769.

  • CVE-2012-4079Sep 26, 2013
    risk 0.00cvss epss 0.01

    The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206.

  • CVE-2012-4086Sep 25, 2013
    risk 0.00cvss epss 0.03

    A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790.

  • CVE-2012-4094Sep 24, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198.

  • CVE-2012-4089Sep 24, 2013
    risk 0.00cvss epss 0.00

    MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID…

  • CVE-2012-4087Sep 24, 2013
    risk 0.00cvss epss 0.02

    A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793.

  • CVE-2012-4085Sep 24, 2013
    risk 0.00cvss epss 0.02

    The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761.

  • CVE-2012-4078Sep 24, 2013
    risk 0.00cvss epss 0.04

    The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.

  • CVE-2012-4082Sep 20, 2013
    risk 0.00cvss epss 0.00

    MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.

  • CVE-2012-4081Sep 20, 2013
    risk 0.00cvss epss 0.00

    MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734.

  • CVE-2012-4093Sep 20, 2013
    risk 0.00cvss epss 0.00

    The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186.

  • CVE-2012-4083Sep 20, 2013
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID…

  • CVE-2012-4074Sep 20, 2013
    risk 0.00cvss epss 0.01

    The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of…

  • CVE-2012-4073Sep 20, 2013
    risk 0.00cvss epss 0.01

    The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

  • CVE-2012-4072Sep 20, 2013
    risk 0.00cvss epss 0.01

    The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

  • CVE-2013-1190Aug 2, 2013
    risk 0.00cvss epss 0.01

    The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by…

  • CVE-2013-1198Apr 29, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430.

  • CVE-2013-1186Apr 25, 2013
    risk 0.00cvss epss 0.02

    Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.

  • CVE-2013-1185Apr 25, 2013
    risk 0.00cvss epss 0.02

    The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.

  • CVE-2013-1182Apr 25, 2013
    risk 0.00cvss epss 0.04

    The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.

Page 6 of 7