Vulnerabilities > Cisco > Unified Computing System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-19 | CVE-2012-4113 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | 4.6 |
| 2013-10-19 | CVE-2012-4112 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | 6.8 |
| 2013-10-13 | CVE-2012-4108 | OS Command Injection vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | 6.8 |
| 2013-10-13 | CVE-2012-4107 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | 4.6 |
| 2013-10-13 | CVE-2012-4106 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | 6.8 |
| 2013-10-13 | CVE-2012-4105 | Improper Input Validation vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468. | 4.6 |
| 2013-10-05 | CVE-2012-4084 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755. | 6.8 |
| 2013-10-03 | CVE-2012-4136 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910. | 6.8 |
| 2013-10-02 | CVE-2012-4111 | Improper Input Validation vulnerability in Cisco Unified Computing System The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563. | 6.8 |
| 2013-10-02 | CVE-2012-4110 | Improper Input Validation vulnerability in Cisco Unified Computing System run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | 6.8 |