UCS Central Software
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1352 | Cri | 0.64 | 9.8 | 0.00 | Apr 14, 2016 | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. | ||
| CVE-2017-12255 | Med | 0.44 | 6.7 | 0.00 | Sep 21, 2017 | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could… | ||
| CVE-2017-12349 | Med | 0.35 | 5.4 | 0.00 | Nov 30, 2017 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.… | ||
| CVE-2017-12348 | Med | 0.35 | 5.4 | 0.00 | Nov 30, 2017 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.… | ||
| CVE-2024-20280 | 0.00 | — | 0.00 | Oct 16, 2024 | A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption… | |||
| CVE-2015-6387 | 0.00 | — | 0.00 | Dec 5, 2015 | Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. | |||
| CVE-2015-4286 | 0.00 | — | 0.00 | Jul 29, 2015 | The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||
| CVE-2015-4183 | 0.00 | — | 0.00 | Jun 17, 2015 | Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | |||
| CVE-2015-0701 | 0.00 | — | 0.01 | May 7, 2015 | Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. | |||
| CVE-2012-4092 | 0.00 | — | 0.00 | Sep 26, 2013 | The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug… |
- risk 0.64cvss 9.8epss 0.00
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could…
- risk 0.35cvss 5.4epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.…
- risk 0.35cvss 5.4epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.…
- CVE-2024-20280Oct 16, 2024risk 0.00cvss —epss 0.00
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption…
- CVE-2015-6387Dec 5, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.
- CVE-2015-4286Jul 29, 2015risk 0.00cvss —epss 0.00
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
- CVE-2015-4183Jun 17, 2015risk 0.00cvss —epss 0.00
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
- CVE-2015-0701May 7, 2015risk 0.00cvss —epss 0.01
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
- CVE-2012-4092Sep 26, 2013risk 0.00cvss —epss 0.00
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug…