Vulnerabilities > Cisco > Unified Computing System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-25 | CVE-2021-1590 | Unspecified vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. | 5.3 |
| 2021-08-25 | CVE-2021-1592 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Unified Computing System A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.3 |
| 2020-09-23 | CVE-2019-1736 | Improper Verification of Cryptographic Signature vulnerability in Cisco products A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. | 6.9 |
| 2020-06-02 | CVE-2020-10136 | Authentication Bypass by Spoofing vulnerability in multiple products Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors. | 5.0 |
| 2019-08-21 | CVE-2019-1908 | Unspecified vulnerability in Cisco products A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. | 5.0 |
| 2019-08-21 | CVE-2019-1907 | Unspecified vulnerability in Cisco products A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. | 6.5 |
| 2019-06-20 | CVE-2019-1632 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.0 |
| 2019-06-20 | CVE-2019-1631 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. | 5.0 |
| 2019-06-20 | CVE-2019-1629 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. | 5.0 |
| 2019-06-20 | CVE-2019-1627 | Information Exposure vulnerability in Cisco products A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. | 4.0 |