Cisco UCS Manager vulnerabilities
15 known vulnerabilities affecting cisco/ucs_manager.
Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 3, UNKNOWN 7
Vulnerabilities
CVE-2021-1397 [MEDIUM] CWE-601 | CVSS 6.1 | ≤ 4.1(3b) | 2021-05-06
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuadin
nvd
CVE-2020-10136 [MEDIUM] CWE-290 | CVSS 5.3 | v3.2(3n)a | 2020-06-02
Implementations of the IP-in-IP protocol (IP Encapsulation within IP, RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic are vulnerable to spoofing, access-control bypass and other unexpected behavior because network packets are not validated before decapsulation and routing.
nvd
CVE-2020-3172 [HIGH] CWE-20 | CVSS 8.8 | fixed in 3.2(3n) | ≥ 4.0, < 4.0(4g) | 2020-02-26
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers
nvd
CVE-2020-3173 [HIGH] CWE-78 | CVSS 7.8 | fixed in 3.2(3n) | ≥ 4.0, < 4.0(4c) | 2020-02-26
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by inc
nvd, cisco
CVE-2020-3167 [HIGH] CWE-78 | CVSS 7.8 | fixed in 3.2(3n) | ≥ 4.0, < 4.0(4g) | 2020-02-26
A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A
nvd
CVE-2020-3171 [HIGH] CWE-78 | CVSS 7.8 | v4.0(1a)a | 2020-02-26
A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by
nvd
CVE-2020-3119 [HIGH] CWE-787 | CVSS 8.8 | fixed in 3.2(3m) | ≥ 4.0, < 4.0(4f) | 2020-02-05
A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol
nvd
CVE-2020-3120 [MEDIUM] CWE-190 | CVSS 6.5 | fixed in 3.2(3m) | ≥ 4.0, < 4.0(4g) | 2020-02-05
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software proce
nvd
CVE-2026-20036 [UNKNOWN] | CVSS 3.1
CVE-2026-20036: Cisco UCS Manager Software Command Injection Vulnerability
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation of command arguments that are
cisco
CVE-2026-20037 [UNKNOWN] | CVSS 3.1
CVE-2026-20037: Cisco UCS Manager Software Privilege Escalation Vulnerability
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerabili
cisco
CVE-2021-1592 [UNKNOWN] | CVSS 3.1
CVE-2021-1592: Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by op
cisco
CVE-2025-20295 [UNKNOWN] | CVSS 3.1
CVE-2025-20295: Cisco UCS Manager Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-78, CWE-
cisco
CVE-2025-20294 [UNKNOWN] | CVSS 3.1
CVE-2025-20294: Cisco UCS Manager Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-78, CWE-
cisco
CVE-2020-3504 [UNKNOWN] | CVSS 3.1
CVE-2020-3504: Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnera
cisco
CVE-2025-20296 [UNKNOWN] | CVSS 3.0
CVE-2025-20296: Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface
cisco