National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/h:cisco:unified_computing_system:-
There are 46 matching records.
Displaying matches 41 through 46.
Vuln ID Summary CVSS Severity
CVE-2012-4083

Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751.

Published: September 20, 2013; 12:55:07 PM -04:00
V2: 4.0 MEDIUM
CVE-2012-4074

The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.

Published: September 20, 2013; 12:55:07 PM -04:00
V2: 5.8 MEDIUM
CVE-2012-4073

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

Published: September 20, 2013; 12:55:07 PM -04:00
V2: 5.8 MEDIUM
CVE-2012-4072

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

Published: September 20, 2013; 12:55:03 PM -04:00
V2: 4.3 MEDIUM
CVE-2013-1190

The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850.

Published: August 02, 2013; 08:10:40 AM -04:00
V2: 5.0 MEDIUM
CVE-2011-2569

Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.

Published: October 27, 2011; 05:55:00 PM -04:00
V2: 6.8 MEDIUM