Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4111 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.8 MEDIUM | N/A |
The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563. | |||||
CVE-2012-4116 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 4.3 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. | |||||
CVE-2012-4095 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.5 MEDIUM | N/A |
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521. | |||||
CVE-2012-4107 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | |||||
CVE-2012-4113 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | |||||
CVE-2012-4088 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 4.3 MEDIUM | N/A |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | |||||
CVE-2012-4110 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.8 MEDIUM | N/A |
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | |||||
CVE-2012-4082 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.8 MEDIUM | N/A |
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. | |||||
CVE-2012-4115 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. | |||||
CVE-2012-4117 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. | |||||
CVE-2012-4093 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 4.6 MEDIUM | N/A |
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | |||||
CVE-2012-4104 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.6 MEDIUM | N/A |
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706. | |||||
CVE-2012-4084 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755. | |||||
CVE-2013-5550 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | |||||
CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.1 MEDIUM | N/A |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||||
CVE-2012-4089 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.6 MEDIUM | N/A |
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. | |||||
CVE-2012-4087 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.1 MEDIUM | N/A |
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. | |||||
CVE-2012-4073 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.8 MEDIUM | N/A |
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | |||||
CVE-2013-1190 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.0 MEDIUM | N/A |
The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850. | |||||
CVE-2012-1313 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.5 MEDIUM | N/A |
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. |