Cisco Ucs Central Software vulnerabilities

5 known vulnerabilities affecting cisco/ucs_central_software.

Total CVEs

5

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2024-20280MEDIUMCVSS 6.3v1.0\(1a\)v1.1\(1a\)+36 more2024-10-16

CVE-2024-20280 [MEDIUM] CWE-321 CVE-2024-20280: A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with acc A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this

CVE-2023-20012MEDIUMCVSS 4.6≥ 4.2, < 4.2\(2d\)2023-02-23

CVE-2023-20012 [MEDIUM] CWE-287 CVE-2023-20012: A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extend A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker

CVE-2023-20015MEDIUMCVSS 6.7≥ 4.0, < 4.0\(4o\)≥ 4.1, < 4.1\(3k\)+1 more2023-02-23

CVE-2023-20015 [MEDIUM] CWE-78 CVE-2023-20015: A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker

CVE-2023-20016MEDIUMCVSS 6.5fixed in 4.2\(3c\)2023-02-23

CVE-2023-20016 [MEDIUM] CWE-321 CVE-2023-20016: A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configu A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the

CVE-2021-44228CRITICALCVSS 10.0KEVPoCv2.0v2.0\(1a\)+9 more2021-12-10

CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD