Cisco Unified Computing System vulnerabilities
64 known vulnerabilities affecting cisco/unified_computing_system.
Total CVEs: 64
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 32, MEDIUM 30
Vulnerabilities
Page 2 of 4
CVE-2019-1850 | HIGH | CVSS 7.2 | v4.0(1c)hs3 | 2019-08-21
CVE-2019-1850 [HIGH] CWE-78
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to in
nvd
CVE-2019-1871 | HIGH | CVSS 7.2 | v4.0(1c)hs3 | 2019-08-21
CVE-2019-1871 [HIGH] CWE-119
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config pro
nvd
CVE-2019-1863 | HIGH | CVSS 8.1 | v4.0(1c)hs3 | 2019-08-21
CVE-2019-1863 [HIGH] CWE-285
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP r
nvd
CVE-2019-1632 | HIGH | CVSS 8.0 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1632 [MEDIUM] CWE-352
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface o
nvd
CVE-2019-1631 | MEDIUM | CVSS 5.3 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1631 [MEDIUM] CWE-306
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP r
nvd
CVE-2019-1627 | MEDIUM | CVSS 6.5 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1627 [MEDIUM] CWE-78
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attack
nvd
CVE-2019-1879 | MEDIUM | CVSS 6.7 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1879 [MEDIUM] CWE-78
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the admini
nvd
CVE-2019-1628 | MEDIUM | CVSS 5.5 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1628 [MEDIUM] CWE-191
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP
nvd
CVE-2019-1630 | MEDIUM | CVSS 5.5 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1630 [MEDIUM] CWE-119
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passi
nvd
CVE-2019-1629 | MEDIUM | CVSS 5.3 | v4.0(1c)hs3 | 2019-06-20
CVE-2019-1629 [MEDIUM] CWE-306
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malic
nvd
CVE-2019-1725 | MEDIUM | CVSS 5.5 | fixed in 4.0(2a) | 2019-04-18
CVE-2019-1725 [MEDIUM] CWE-78
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI comman
nvd
CVE-2018-0431 | HIGH | CVSS 8.8 | v2.0_base, v3.0(3a), +1 more | 2018-10-05
CVE-2018-0431 [HIGH] CWE-77
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could e
nvd
CVE-2018-0430 | HIGH | CVSS 8.8 | v2.0_base, v3.0(3a), +1 more | 2018-10-05
CVE-2018-0430 [HIGH] CWE-77
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could e
nvd
CVE-2018-0338 | HIGH | CVSS 7.8 | v5.5(203), v7.0(0)bz(0.46), +3 more | 2018-06-07
CVE-2018-0338 [HIGH] CWE-20
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit
nvd
CVE-2017-12338 | MEDIUM | CVSS 6.0 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12338 [MEDIUM] CWE-20
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker
nvd
CVE-2017-12331 | MEDIUM | CVSS 6.7 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12331 [MEDIUM] CWE-347
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and
nvd
CVE-2017-12329 | MEDIUM | CVSS 6.3 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12329 [MEDIUM] CWE-77
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting craft
nvd
CVE-2017-12336 | MEDIUM | CVSS 4.2 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12336 [MEDIUM] CWE-20
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL
nvd
CVE-2017-12335 | MEDIUM | CVSS 6.3 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12335 [MEDIUM] CWE-77
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unautho
nvd
CVE-2017-12341 | MEDIUM | CVSS 6.7 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12341 [MEDIUM] CWE-77
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit t
nvd