Cisco Unified Computing System Central Software vulnerabilities

12 known vulnerabilities affecting cisco/unified_computing_system_central_software.

Total CVEs

12

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL2HIGH2MEDIUM7LOW1

Vulnerabilities

Page 1 of 1

CVE-2021-1354LOWCVSS 3.5fixed in 2.0\(1m\)2021-02-04

CVE-2021-1354 [MEDIUM] CWE-295 CVE-2021-1354: A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Cent A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a craft

CVE-2018-0113HIGHCVSS 8.8v1.5\(1c\)2018-02-08

CVE-2018-0113 [HIGH] CWE-20 CVE-2018-0113: A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote at A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Centr

CVE-2018-0094HIGHCVSS 7.5v1.4\(1a\)2018-01-18

CVE-2018-0094 [HIGH] CWE-693 CVE-2018-0094: A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unau A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulner

CVE-2017-12349MEDIUMCVSS 5.4v2.2\(1a\)a2017-11-30

CVE-2017-12349 [MEDIUM] CWE-79 CVE-2017-12349: Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could a Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.

CVE-2017-12348MEDIUMCVSS 5.4v2.2\(1a\)a2017-11-30

CVE-2017-12348 [MEDIUM] CWE-79 CVE-2017-12348: Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could a Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.

CVE-2016-1401MEDIUMCVSS 6.1v1.4\(1a\)2016-05-21

CVE-2016-1401 [MEDIUM] CWE-79 CVE-2016-1401: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing Syst Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.

CVE-2016-1352CRITICALCVSS 9.8v1.3\(0.1\)2016-04-14

CVE-2016-1352 [CRITICAL] CWE-78 CVE-2016-1352: Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

CVE-2015-6387MEDIUMCVSS 4.3v1.3\(0.1\)2015-12-05

CVE-2015-6387 [MEDIUM] CWE-79 CVE-2015-6387: Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1. Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.

CVE-2015-6388MEDIUMCVSS 5.0v1.3\(0.1\)2015-12-05

CVE-2015-6388 [MEDIUM] CVE-2015-6388: Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct se Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.

CVE-2015-4286MEDIUMCVSS 5.0v1.3\(0.99\)2015-07-29

CVE-2015-4286 [MEDIUM] CWE-20 CVE-2015-4286: The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.

CVE-2015-0701CRITICALCVSS 10.0v1.0_basev1.1_base+4 more2015-05-07

CVE-2015-0701 [CRITICAL] CWE-20 CVE-2015-0701: Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

CVE-2014-0730MEDIUMCVSS 6.8≤ 1.1v1.02014-02-22

CVE-2014-0730 [MEDIUM] CWE-20 CVE-2014-0730: Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain pri Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.