Vulnerabilities > Cisco > Unified Computing System

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0
2021-10-21 CVE-2021-34736 Improper Input Validation vulnerability in Cisco Unified Computing System
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart.
network
low complexity
cisco CWE-20
7.5
2021-08-25 CVE-2021-1590 Unspecified vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition.
network
low complexity
cisco
5.3
2021-08-25 CVE-2021-1592 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Unified Computing System
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-770
4.3
2021-02-24 CVE-2021-1387 Memory Leak vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-401
8.6
2021-02-24 CVE-2021-1368 Out-of-bounds Write vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-787
8.8
2020-09-23 CVE-2019-1736 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device.
local
cisco CWE-347
6.9
2020-06-02 CVE-2020-10136 Authentication Bypass by Spoofing vulnerability in multiple products
Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors.
network
low complexity
cisco digi hp treck CWE-290
5.0
2019-08-30 CVE-2019-1966 Unspecified vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device.
local
low complexity
cisco
7.2
2019-08-21 CVE-2019-1908 Unspecified vulnerability in Cisco products
A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information.
network
low complexity
cisco
5.0