CVEDB API

Vulnerabilities

Vulnerable Software

Cisco: >> Unified Computing System Central Software >> 1.3(0.1) Security Vulnerabilities

CVE-2021-1354

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.

CVSS Score

4.3

EPSS Score

0.0

Published

2021-02-04

CVE-2016-1352

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

CVSS Score

9.8

EPSS Score

0.004

Published

2016-04-14

CVE-2015-6388

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.

CVSS Score

5.0

EPSS Score

0.003

Published

2015-12-05

CVE-2015-6387

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.

CVSS Score

4.3

EPSS Score

0.004

Published

2015-12-05

Page 1

Vulnerabilities

Vulnerable Software

Cisco: >> Unified Computing System Central Software >> 1.3(0.1) Security Vulnerabilities

Products

Pricing

Contact Us