Cisco Ucs Director vulnerabilities

CVE-2019-1936 [HIGH] CWE-20 CVE-2019-1936: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged

CVE-2019-12634 [HIGH] CWE-264 CVE-2019-12634: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An att

CVE-2018-15405 [MEDIUM] CWE-285 CVE-2018-15405: A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Contro A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. A

CVE-2018-15406 [MEDIUM] CWE-79 CVE-2018-15406: A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthent A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based manage

CVE-2018-0148 [HIGH] CWE-352 CVE-2018-0148: A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integ A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF

CVE-2014-0709 [CRITICAL] CWE-255 CVE-2014-0709: Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.