Search Results (Refine Search)
- CPE Product Version: cpe:/h:cisco:unified_computing_system:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-4136 |
The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910. Published: October 03, 2013; 7:03:38 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4111 |
The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563. Published: October 02, 2013; 6:55:23 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4110 |
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. Published: October 02, 2013; 6:55:23 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4109 |
The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559. Published: October 02, 2013; 6:55:23 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4104 |
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706. Published: October 02, 2013; 6:55:23 PM -0400 |
V3.x:(not available) V2.0: 6.6 MEDIUM |
CVE-2012-4103 |
ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. Published: October 02, 2013; 6:55:23 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4102 |
The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600. Published: October 02, 2013; 6:55:23 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4095 |
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521. Published: October 02, 2013; 6:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2012-4096 |
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. Published: September 30, 2013; 8:55:12 PM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2012-1313 |
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. Published: September 27, 2013; 4:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2012-4088 |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. Published: September 26, 2013; 10:16:22 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4092 |
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. Published: September 26, 2013; 10:16:22 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-4079 |
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. Published: September 26, 2013; 10:16:06 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-4086 |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. Published: September 25, 2013; 6:31:26 AM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2012-4094 |
Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198. Published: September 24, 2013; 6:35:51 AM -0400 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2012-4089 |
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. Published: September 24, 2013; 6:35:51 AM -0400 |
V3.x:(not available) V2.0: 6.6 MEDIUM |
CVE-2012-4087 |
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. Published: September 24, 2013; 6:35:51 AM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2012-4085 |
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. Published: September 24, 2013; 6:35:51 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-4082 |
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. Published: September 20, 2013; 2:55:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4093 |
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. Published: September 20, 2013; 12:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |