Cisco Unified Computing System Director vulnerabilities

9 known vulnerabilities affecting cisco/cisco_unified_computing_system_director.

Total CVEs: 9
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2019-1937 | CRITICAL | CVSS 9.8 | CWE-287 | PoC | ≥ unspecified, < 6.7.3.0 | 2019-08-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to in
Sources: cvelistv5, nvd

CVE-2019-1935 | CRITICAL | CVSS 9.8 | CWE-798 | PoC | ≥ unspecified, < 6.7.3.0 | 2019-08-21
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of
Sources: cvelistv5, nvd

CVE-2019-1974 | CRITICAL | CVSS 9.8 | CWE-287 | ≥ unspecified, < 6.7.3.0 | 2019-08-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request hea
Sources: cvelistv5, nvd

CVE-2019-1938 | CRITICAL | CVSS 9.8 | CWE-287 | ≥ unspecified, < 6.7.3.0 | 2019-08-21
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An at
Sources: cvelistv5, nvd

CVE-2019-12634 | HIGH | CVSS 7.5 | CWE-264 | ≥ unspecified, < 6.7.3.0 | 2019-08-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An att
Sources: cvelistv5, nvd

CVE-2019-1936 | HIGH | CVSS 7.2 | CWE-20 | PoC | ≥ unspecified, < 6.7.3.0 | 2019-08-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged
Sources: cvelistv5, nvd

CVE-2018-15405 | MEDIUM | CVSS 6.5 | CWE-285 | v n/a | 2018-10-05
A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. A
Sources: cvelistv5, nvd

CVE-2018-15406 | MEDIUM | CVSS 6.1 | CWE-79 | v n/a | 2018-10-05
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based manage
Sources: cvelistv5, nvd

CVE-2018-15404 | MEDIUM | CVSS 6.5 | CWE-399 | v n/a | 2018-10-05
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web inte
Sources: cvelistv5, nvd