Vulnerabilities > Cisco > Unified Computing System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-02 | CVE-2012-4109 | Improper Input Validation vulnerability in Cisco Unified Computing System The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559. | 6.8 |
| 2013-10-02 | CVE-2012-4104 | Path Traversal vulnerability in Cisco Unified Computing System Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706. | 6.6 |
| 2013-10-02 | CVE-2012-4103 | Improper Input Validation vulnerability in Cisco Unified Computing System ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | 6.8 |
| 2013-10-02 | CVE-2012-4102 | Improper Input Validation vulnerability in Cisco Unified Computing System The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600. | 6.8 |
| 2013-10-02 | CVE-2012-4095 | Improper Input Validation vulnerability in Cisco Unified Computing System The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521. | 5.5 |
| 2013-10-01 | CVE-2012-4096 | Improper Input Validation vulnerability in Cisco Unified Computing System The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. | 6.2 |
| 2013-09-27 | CVE-2012-1313 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. | 6.5 |
| 2013-09-26 | CVE-2012-4092 | Improper Input Validation vulnerability in Cisco Unified Computing System The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. | 5.8 |
| 2013-09-26 | CVE-2012-4088 | Credentials Management vulnerability in Cisco Unified Computing System The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | 4.3 |
| 2013-09-26 | CVE-2012-4079 | Improper Input Validation vulnerability in Cisco Unified Computing System The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. | 5.0 |