CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1354

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.8%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 2.7

References

Products affected by CVE-2021-1354

Cisco » Unified Computing System Central Software » Version: 1.0

cpe:2.3:a:cisco:unified_computing_system_central_software:1.0
Cisco » Unified Computing System Central Software » Version: 1.0(1a)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.0(1a)
Cisco » Unified Computing System Central Software » Version: 1.0_base

cpe:2.3:a:cisco:unified_computing_system_central_software:1.0_base
Cisco » Unified Computing System Central Software » Version: 1.1

cpe:2.3:a:cisco:unified_computing_system_central_software:1.1
Cisco » Unified Computing System Central Software » Version: 1.1(1a)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.1(1a)
Cisco » Unified Computing System Central Software » Version: 1.1(1b)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.1(1b)
Cisco » Unified Computing System Central Software » Version: 1.1_base

cpe:2.3:a:cisco:unified_computing_system_central_software:1.1_base
Cisco » Unified Computing System Central Software » Version: 1.2(1a)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.2(1a)
Cisco » Unified Computing System Central Software » Version: 1.2(1d)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.2(1d)
Cisco » Unified Computing System Central Software » Version: 1.2(1e)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.2(1e)
Cisco » Unified Computing System Central Software » Version: 1.2(1f)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.2(1f)
Cisco » Unified Computing System Central Software » Version: 1.3(0.1)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.3(0.1)
Cisco » Unified Computing System Central Software » Version: 1.3(0.99)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.3(0.99)
Cisco » Unified Computing System Central Software » Version: 1.4(1a)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.4(1a)
Cisco » Unified Computing System Central Software » Version: 1.5(1c)

cpe:2.3:a:cisco:unified_computing_system_central_software:1.5(1c)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1354

Products

Pricing

Contact Us