Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4136 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 6.8 MEDIUM | N/A |
The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910. | |||||
CVE-2012-4107 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | |||||
CVE-2012-4095 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 5.5 MEDIUM | N/A |
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521. | |||||
CVE-2012-4088 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 4.3 MEDIUM | N/A |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | |||||
CVE-2012-4106 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 6.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | |||||
CVE-2012-4105 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468. | |||||
CVE-2012-4093 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 4.6 MEDIUM | N/A |
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | |||||
CVE-2012-4092 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 5.8 MEDIUM | N/A |
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. | |||||
CVE-2012-4079 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 5.0 MEDIUM | N/A |
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. | |||||
CVE-2012-4073 | 1 Cisco | 1 Unified Computing System | 2016-09-09 | 5.8 MEDIUM | N/A |
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | |||||
CVE-2014-8009 | 1 Cisco | 1 Unified Computing System | 2015-01-23 | 5.0 MEDIUM | N/A |
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. | |||||
CVE-2014-8003 | 1 Cisco | 1 Unified Computing System | 2015-01-23 | 7.2 HIGH | N/A |
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. | |||||
CVE-2013-5550 | 1 Cisco | 1 Unified Computing System | 2013-10-22 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | |||||
CVE-2012-4115 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 5.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. | |||||
CVE-2012-4117 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 5.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. | |||||
CVE-2012-4116 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 4.3 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. | |||||
CVE-2012-4114 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 5.8 MEDIUM | N/A |
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. | |||||
CVE-2012-4113 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | |||||
CVE-2012-4112 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 6.8 MEDIUM | N/A |
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | |||||
CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2013-10-15 | 6.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. |