Vulnerabilities > Cisco > Unified Computing System Integrated Management Controller

DATE | CVE | VULNERABILITY TITLE | RISK

2013-04-25 | CVE-2013-1186 | Improper Authentication vulnerability in Cisco products | 7.5
Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.
Tags: network, low complexity, cisco, CWE-287

2013-04-25 | CVE-2013-1185 | Information Exposure vulnerability in Cisco products | critical 9.3
The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.
Tags: network, cisco, CWE-200

2013-04-25 | CVE-2013-1184 | Improper Input Validation vulnerability in Cisco products | 7.8
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.
Tags: network, low complexity, cisco, CWE-20

2013-04-25 | CVE-2013-1182 | Permissions, Privileges, and Access Controls vulnerability in Cisco products | critical 9.3
The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.
Tags: network, cisco, CWE-264