Cisco Unified Computing System vulnerabilities

CVE-2019-1631 [MEDIUM] CWE-306 CVE-2019-1631: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP r

CVE-2019-1629 [MEDIUM] CWE-306 CVE-2019-1629: A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malic

CVE-2019-1880 [MEDIUM] CWE-345 CVE-2019-1880: A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Se A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the