cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-26062,https://securityvulnerability.io/vulnerability/CVE-2020-26062,Cisco Integrated Management Controller Vulnerability Could Allow Unauthorized Access to Administrative User Accounts,"A vulnerability exists in Cisco Integrated Management Controller that could enable an unauthenticated, remote attacker to enumerate valid usernames in the application. This issue arises from variations in the authentication responses that the application generates during login attempts. By exploiting this vulnerability, an attacker could send crafted authentication requests, identifying valid administrative usernames. This information could lead to follow-up attacks targeting those accounts. Mitigation options are limited as there are no effective workarounds to address this vulnerability.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-18T16:06:00.592Z,0
CVE-2020-26063,https://securityvulnerability.io/vulnerability/CVE-2020-26063,Cisco Integrated Management Controller Vulnerability Allows Unauthorized Actions,"A vulnerability exists within the API endpoints of Cisco Integrated Management Controller, enabling authenticated, remote attackers to bypass authorization mechanisms. This weakness stems from inadequate authorization checks on the API endpoints, permitting attackers to send crafted malicious requests. Exploitation of this vulnerability potentially allows attackers to download sensitive files or modify specific configuration settings on the compromised system. It is critical to note that there are currently no available workarounds to mitigate this risk.",Cisco,Cisco Unified Computing System (managed),5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-18T16:05:53.165Z,0
CVE-2024-20365,https://securityvulnerability.io/vulnerability/CVE-2024-20365,Cisco UCS B-Series Vulnerability: Command Injection Attacks and Elevated Privileges,"A security vulnerability exists within the Redfish API utilized in Cisco UCS B-Series, UCS Managed C-Series, and UCS X-Series Servers. The vulnerability is the result of inadequate input validation, allowing a remote attacker with administrative access to potentially execute crafted commands on the system. This exploit can lead to elevated privileges up to root level, compromising the integrity and security of the affected server. It is crucial for organizations using these products to implement security measures and apply any available patches to mitigate the risks associated with this vulnerability.",Cisco,Cisco Unified Computing System (managed),7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-02T16:52:46.381Z,0
CVE-2024-20294,https://securityvulnerability.io/vulnerability/CVE-2024-20294,Cisco FXOS Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).",Cisco,"Cisco Nx-os Software,Cisco Unified Computing System (managed),Cisco Firepower Extensible Operating System (fxos),Cisco Nx-os System Software In Aci Mode",6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2024-20344,https://securityvulnerability.io/vulnerability/CVE-2024-20344,Cisco UCS Fabric Interconnects Vulnerable to Denial of Service Attack,"A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-07-26T15:15:04.000Z,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2023-20200,https://securityvulnerability.io/vulnerability/CVE-2023-20200,Denial of Service Vulnerability in Cisco FXOS and UCS 6300 Series,"A vulnerability exists in the Simple Network Management Protocol (SNMP) service of certain Cisco devices, allowing an authenticated, remote attacker to induce a denial of service condition. This flaw arises from the improper handling of crafted SNMP requests, potentially leading to device reloads. Exploiting this vulnerability requires knowledge of the SNMP community string on SNMPv2c or earlier, or valid SNMP user credentials on SNMPv3.",Cisco,"Cisco Unified Computing System (Managed),Cisco Firepower Extensible Operating System (FXOS)",6.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-08-23T19:15:00.000Z,0
CVE-2023-20015,https://securityvulnerability.io/vulnerability/CVE-2023-20015,"Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability","A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.",Cisco,Cisco Unified Computing System (managed),6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-10-28T17:15:04.000Z,,false,false,,2023-02-23T00:00:00.000Z,0
CVE-2023-20012,https://securityvulnerability.io/vulnerability/CVE-2023-20012,Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability,"A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.000539999979082495,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-02-23T00:00:00.000Z,0
CVE-2023-20016,https://securityvulnerability.io/vulnerability/CVE-2023-20016,Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability,"A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.",Cisco,Cisco Unified Computing System (managed),6.3,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-02-23T00:00:00.000Z,0
CVE-2021-34736,https://securityvulnerability.io/vulnerability/CVE-2021-34736,Cisco Integrated Management Controller GUI Denial of Service Vulnerability,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0010499999625608325,false,,false,false,true,2024-08-04T02:15:22.000Z,,false,false,,2021-10-21T03:15:00.000Z,0
CVE-2021-1592,https://securityvulnerability.io/vulnerability/CVE-2021-1592,Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability,"A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.",Cisco,Cisco Unified Computing System (managed),4.3,MEDIUM,0.0009699999936856329,false,,false,false,true,2024-08-03T17:16:03.000Z,,false,false,,2021-08-25T00:00:00.000Z,0
CVE-2020-3504,https://securityvulnerability.io/vulnerability/CVE-2020-3504,Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability,"A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.",Cisco,Cisco Unified Computing System (managed),3.3,LOW,0.0004199999966658652,false,,false,false,true,2024-08-04T08:16:43.000Z,,false,false,,2020-08-27T16:15:00.000Z,0
CVE-2020-3241,https://securityvulnerability.io/vulnerability/CVE-2020-3241,Cisco UCS Director Path Traversal Vulnerability,"A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device.",Cisco,Cisco Unified Computing System (management Software),6.5,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3242,https://securityvulnerability.io/vulnerability/CVE-2020-3242,Cisco UCS Director Information Disclosure Vulnerability,"A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device.",Cisco,Cisco Unified Computing System (management Software),4.9,MEDIUM,0.0017800000496208668,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3172,https://securityvulnerability.io/vulnerability/CVE-2020-3172,Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability,"A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.",Cisco,Cisco Unified Computing System (managed),8.8,HIGH,0.00279999990016222,false,,false,false,true,2024-08-04T08:16:28.000Z,,false,false,,2020-02-26T00:00:00.000Z,0
CVE-2020-3173,https://securityvulnerability.io/vulnerability/CVE-2020-3173,Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability,"A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.",Cisco,Cisco Unified Computing System (managed),7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T08:16:28.000Z,,false,false,,2020-02-26T00:00:00.000Z,0
CVE-2020-3119,https://securityvulnerability.io/vulnerability/CVE-2020-3119,Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability,"A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",Cisco,Cisco Unified Computing System (managed),8.8,HIGH,0.0012400000123307109,false,,false,false,true,2024-08-04T08:16:25.000Z,,false,false,,2020-02-05T00:00:00.000Z,0
CVE-2019-1966,https://securityvulnerability.io/vulnerability/CVE-2019-1966,Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability,"A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device.",Cisco,Cisco Unified Computing System (managed),7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:21.000Z,,false,false,,2019-08-30T09:15:00.000Z,0
CVE-2019-1962,https://securityvulnerability.io/vulnerability/CVE-2019-1962,Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability,"A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.",Cisco,Cisco Unified Computing System (managed),8.6,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T19:16:20.000Z,,false,false,,2019-08-28T00:00:00.000Z,0
CVE-2019-1963,https://securityvulnerability.io/vulnerability/CVE-2019-1963,Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability,"A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.",Cisco,Cisco Unified Computing System (managed),7.7,HIGH,0.0010100000072270632,false,,false,false,true,2024-08-04T19:16:20.000Z,,false,false,,2019-08-28T00:00:00.000Z,0
CVE-2019-1885,https://securityvulnerability.io/vulnerability/CVE-2019-1885,Cisco Integrated Management Controller Command Injection Vulnerability,"A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.",Cisco,Cisco Unified Computing System (management Software),7.2,HIGH,0.0017900000093504786,false,,false,false,true,2024-08-04T19:16:16.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1900,https://securityvulnerability.io/vulnerability/CVE-2019-1900,Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability,"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.",Cisco,Cisco Unified Computing System (management Software),7.5,HIGH,0.0010499999625608325,false,,false,false,true,2024-08-04T19:16:16.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1908,https://securityvulnerability.io/vulnerability/CVE-2019-1908,Cisco Integrated Management Controller Information Disclosure Vulnerability,"A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.",Cisco,Cisco Unified Computing System (management Software),7.5,HIGH,0.0033599999733269215,false,,false,false,true,2024-08-04T19:16:17.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1871,https://securityvulnerability.io/vulnerability/CVE-2019-1871,Cisco Integrated Management Controller Buffer Overflow Vulnerability,"A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.",Cisco,Cisco Unified Computing System (management Software),7.2,HIGH,0.0014100000262260437,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1907,https://securityvulnerability.io/vulnerability/CVE-2019-1907,Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability,"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.",Cisco,Cisco Unified Computing System (management Software),8.8,HIGH,0.0015200000489130616,false,,false,false,true,2024-08-04T19:16:17.000Z,,false,false,,2019-08-21T00:00:00.000Z,0