Cisco Integrated Management Controller Supervisor vulnerabilities

CVE-2018-0149 [MEDIUM] CWE-79 CVE-2018-0149: A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supe A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affect

CVE-2017-6619 [HIGH] CWE-20 CVE-2017-6619: A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could a A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by send

CVE-2017-6616 [HIGH] CWE-20 CVE-2017-6616: A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could a A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An atta

CVE-2017-6618 [MEDIUM] CWE-79 CVE-2017-6618: A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could a A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an auth

CVE-2017-6617 [MEDIUM] CWE-287 CVE-2017-6617: A vulnerability in the session identification management functionality of the web-based GUI of Cisco A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a us

CVE-2015-6399 [MEDIUM] CWE-399 CVE-2015-6399: The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) all The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.

CVE-2015-6259 [CRITICAL] CWE-20 CVE-2015-6259: The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor befo The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.