Vulnerabilities > Cisco > Unified Computing System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2017-12255 | Improper Input Validation vulnerability in Cisco Unified Computing System 1.5(1C) A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. | 6.7 |
| 2017-04-07 | CVE-2017-6604 | Open Redirect vulnerability in Cisco Unified Computing System 2.2(8B)/3.0(1C)/3.1(2C)B A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
| 2017-04-07 | CVE-2017-6602 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. | 4.4 |
| 2017-04-07 | CVE-2017-6598 | Missing Authorization vulnerability in Cisco products A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. | 6.7 |