Cisco Unified Computing System vulnerabilities
63 known vulnerabilities affecting cisco/cisco_unified_computing_system.
Total CVEs: 63
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 20, MEDIUM 40, LOW 1
Vulnerabilities
Page 2 of 4
CVE-2025-20292 | MEDIUM | CVSS 4.4 | CWE-78 | v4.0(4c), v4.0(2b), +82 more | 2025-08-27
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
This vulnerability is due to insufficient validation of us
cvelistv5, nvd

CVE-2025-20294 | MEDIUM | CVSS 6.5 | CWE-78 | v4.0(1a), v4.1(1d), +103 more | 2025-08-27
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.
These vulnerabilities are due to insufficient input validation of command argument
cvelistv5, nvd

CVE-2025-20261 | HIGH | CVSS 8.8 | CWE-923 | v4.0(1a), v3.2(3n), +140 more | 2025-06-04
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal ser
cvelistv5, nvd

CVE-2024-20397 | MEDIUM | CVSS 5.2 | CWE-284 | v4.0(4c), v4.0(2b), +69 more | 2024-12-04
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vul
cvelistv5, nvd

CVE-2020-26063 | MEDIUM | CVSS 5.4 | CWE-269 | v4.0(1a), v3.2(3n), +41 more | 2024-11-18
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.
The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicio
cvelistv5, nvd

CVE-2020-26062 | MEDIUM | CVSS 5.3 | CWE-203 | v4.0(1a), v3.2(3n), +40 more | 2024-11-18
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.
The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability
cvelistv5, nvd

CVE-2024-20365 | HIGH | CVSS 7.2 | CWE-77 | v4.1(2a), v4.1(2b), +41 more | 2024-10-02
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.
This vulnerability is due to insufficient input validation. An attack
cvelistv5, nvd

CVE-2024-20356 | HIGH | CVSS 8.7 | CWE-78 | v3.0(1c), v3.0(1d), +117 more | 2024-04-24
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attac
cvelistv5, nvd

CVE-2024-20295 | HIGH | CVSS 8.8 | CWE-78 | v3.0(1c), v3.0(1d), +161 more | 2024-04-24
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability
cvelistv5, nvd

CVE-2024-20294 | MEDIUM | CVSS 6.6 | CWE-805 | v3.1(1e), v3.1(1g), +98 more | 2024-02-29
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vu
cvelistv5, nvd

CVE-2024-20344 | MEDIUM | CVSS 5.3 | CWE-400 | vN/A | 2024-02-29
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.
This vulnerability is due to insufficient rate-limiting of TCP conn
cvelistv5, nvd

CVE-2023-20200 | MEDIUM | CVSS 6.3 | CWE-835 | v3.1(1e), v3.1(1g), +92 more | 2023-08-23
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due t
cvelistv5, nvd

CVE-2023-20228 | MEDIUM | CVSS 6.1 | CWE-80 | v3.1(1d), v3.1(2b), +84 more | 2023-08-16
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persua
cvelistv5, nvd

CVE-2023-20012 | MEDIUM | CVSS 4.6 | CWE-287 | vn/a | 2023-02-23
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker
cvelistv5, nvd

CVE-2023-20015 | MEDIUM | CVSS 6.7 | CWE-78 | vn/a | 2023-02-23
A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker
cvelistv5, nvd

CVE-2023-20016 | MEDIUM | CVSS 6.5 | CWE-321 | vn/a | 2023-02-23
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the
cvelistv5, nvd

CVE-2021-34736 | HIGH | CVSS 7.5 | CWE-20 | vn/a | 2021-10-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit thi
cvelistv5, nvd

CVE-2021-1592 | MEDIUM | CVSS 4.3 | CWE-664 | vn/a | 2021-08-25
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number
cvelistv5, nvd

CVE-2021-1397 | MEDIUM | CVSS 6.1 | CWE-601 | vn/a | 2021-05-06
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuadin
cvelistv5, nvd

CVE-2020-3470 | CRITICAL | CVSS 9.8 | CWE-119 | vn/a | 2020-11-18
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP
cvelistv5, nvd