Vulnerabilities > Cisco > Unified Computing System > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-20 | CVE-2012-4073 | Cryptographic Issues vulnerability in Cisco Unified Computing System The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | 5.8 |
2013-09-20 | CVE-2012-4072 | Improper Input Validation vulnerability in Cisco Unified Computing System The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. | 4.3 |
2013-08-02 | CVE-2013-1190 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850. | 5.0 |
2011-10-27 | CVE-2011-2569 | Permissions, Privileges, and Access Controls vulnerability in Cisco products Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. | 6.8 |