Cisco Unified Computing System vulnerabilities

64 known vulnerabilities affecting cisco/unified_computing_system.

Total CVEs: 64
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 32, MEDIUM 30

Vulnerabilities

Page 3 of 4
CVE-2017-12332 | MEDIUM | CVSS 4.4 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12332 [MEDIUM] CWE-434: A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vul
nvd
CVE-2017-12334 | MEDIUM | CVSS 6.7 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12334 [MEDIUM] CWE-20: A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by in
nvd
CVE-2017-12333 | MEDIUM | CVSS 6.7 | v7.0(0)hsk(0.357) | 2017-11-30
CVE-2017-12333 [MEDIUM] CWE-347: A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and l
nvd
CVE-2017-12255 | MEDIUM | CVSS 6.7 | v1.5(1c) | 2017-09-21
CVE-2017-12255 [MEDIUM] CWE-20: A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted argum
nvd
CVE-2017-6633 | HIGH | CVSS 7.5 | v3.0(0.234) | 2017-05-22
CVE-2017-6633 [HIGH] CWE-119: A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN p
nvd
CVE-2017-6597 | HIGH | CVSS 7.8 | v3.1(1k)a | 2017-04-07
CVE-2017-6597 [HIGH] CWE-78: A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.
nvd
CVE-2017-6600 | HIGH | CVSS 7.8 | v3.1(1k)a | 2017-04-07
CVE-2017-6600 [HIGH] CWE-78: A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. K
nvd
CVE-2017-6601 | HIGH | CVSS 7.1 | v3.1(1k)a | 2017-04-07
CVE-2017-6601 [HIGH] CWE-78: A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. K
nvd
CVE-2017-6602 | MEDIUM | CVSS 4.4 | v3.1(1k)a | 2017-04-07
CVE-2017-6602 [MEDIUM] CWE-78: A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Kno
nvd
CVE-2017-6604 | MEDIUM | CVSS 6.1 | v2.2(8b) v3.0(1c) +1 more | 2017-04-07
CVE-2017-6604 [MEDIUM] CWE-601: A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing S
nvd
CVE-2017-6598 | MEDIUM | CVSS 6.7 | v3.1(1k)a | 2017-04-07
CVE-2017-6598 [MEDIUM] CWE-862: A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. K
nvd
CVE-2016-6402 | HIGH | CVSS 7.8 | v2.2(1b) v2.2(1c) +26 more | 2016-09-18
CVE-2016-6402 [HIGH] CWE-264: UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.
nvd
CVE-2015-0718 | HIGH | CVSS 7.5 | v1.4_1i v1.4_1j +57 more | 2016-03-03
CVE-2015-0718 [HIGH] CWE-399: Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
nvd
CVE-2015-6435 | CRITICAL | CVSS 9.8 | v1.0(2k) v1.0_base +81 more | 2016-01-22
CVE-2015-6435 [CRITICAL] CWE-78: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
nvd
CVE-2015-6415 | HIGH | CVSS 7.1 | v2.2(3f)a | 2015-12-12
CVE-2015-6415 [HIGH] CWE-399: Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757.
nvd
CVE-2015-6355 | MEDIUM | CVSS 5.0 | v2.2(5b)a | 2015-11-04
CVE-2015-6355 [MEDIUM] CWE-200: The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
nvd
CVE-2015-4279 | HIGH | CVSS 7.2 | v2.2(3b) | 2015-07-20
CVE-2015-4279 [HIGH] CWE-78: The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.
nvd
CVE-2015-4259 | MEDIUM | CVSS 4.3 | v1.5(3) v1.6(0.16) | 2015-07-10
CVE-2015-4259 [MEDIUM] CWE-310: The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.
nvd
CVE-2015-4183 | HIGH | CVSS 7.2 | v1.2(1a) | 2015-06-17
CVE-2015-4183 [HIGH] CWE-78: Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
nvd
CVE-2015-0633 | MEDIUM | CVSS 6.8 | v1.4 v1.4(1c) +21 more | 2015-02-26
CVE-2015-0633 [MEDIUM] CWE-20: The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.
nvd