cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20294,https://securityvulnerability.io/vulnerability/CVE-2024-20294,Cisco FXOS Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).",Cisco,"Cisco Nx-os Software,Cisco Unified Computing System (managed),Cisco Firepower Extensible Operating System (fxos),Cisco Nx-os System Software In Aci Mode",6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2020-3241,https://securityvulnerability.io/vulnerability/CVE-2020-3241,Cisco UCS Director Path Traversal Vulnerability,"A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device.",Cisco,Cisco Unified Computing System (management Software),6.5,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3242,https://securityvulnerability.io/vulnerability/CVE-2020-3242,Cisco UCS Director Information Disclosure Vulnerability,"A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device.",Cisco,Cisco Unified Computing System (management Software),4.9,MEDIUM,0.0017800000496208668,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2019-1885,https://securityvulnerability.io/vulnerability/CVE-2019-1885,Cisco Integrated Management Controller Command Injection Vulnerability,"A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.",Cisco,Cisco Unified Computing System (management Software),7.2,HIGH,0.0017900000093504786,false,,false,false,true,2024-08-04T19:16:16.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1871,https://securityvulnerability.io/vulnerability/CVE-2019-1871,Cisco Integrated Management Controller Buffer Overflow Vulnerability,"A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.",Cisco,Cisco Unified Computing System (management Software),7.2,HIGH,0.0014100000262260437,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1907,https://securityvulnerability.io/vulnerability/CVE-2019-1907,Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability,"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.",Cisco,Cisco Unified Computing System (management Software),8.8,HIGH,0.0015200000489130616,false,,false,false,true,2024-08-04T19:16:17.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1908,https://securityvulnerability.io/vulnerability/CVE-2019-1908,Cisco Integrated Management Controller Information Disclosure Vulnerability,"A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.",Cisco,Cisco Unified Computing System (management Software),7.5,HIGH,0.0033599999733269215,false,,false,false,true,2024-08-04T19:16:17.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1900,https://securityvulnerability.io/vulnerability/CVE-2019-1900,Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability,"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.",Cisco,Cisco Unified Computing System (management Software),7.5,HIGH,0.0010499999625608325,false,,false,false,true,2024-08-04T19:16:16.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1630,https://securityvulnerability.io/vulnerability/CVE-2019-1630,Cisco Integrated Management Controller Denial of Service Vulnerability,"A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system.",Cisco,Cisco Unified Computing System (management Software),5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1628,https://securityvulnerability.io/vulnerability/CVE-2019-1628,Cisco Integrated Management Controller Denial of Service Vulnerability,"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. An exploit could allow the attacker to cause a buffer overflow, resulting in a process crash and DoS condition on the device.",Cisco,Cisco Unified Computing System (management Software),5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1631,https://securityvulnerability.io/vulnerability/CVE-2019-1631,Cisco Integrated Management Controller Information Disclosure Vulnerability,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow an attacker to view sensitive system data.",Cisco,Cisco Unified Computing System (management Software),5.3,MEDIUM,0.0006799999973736703,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1632,https://securityvulnerability.io/vulnerability/CVE-2019-1632,Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device.",Cisco,Cisco Unified Computing System (management Software),4.6,MEDIUM,0.0008099999977275729,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1629,https://securityvulnerability.io/vulnerability/CVE-2019-1629,Cisco Integrated Management Controller Arbitrary File Write Vulnerability,"A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.",Cisco,Cisco Unified Computing System (management Software),5.3,MEDIUM,0.0008099999977275729,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1879,https://securityvulnerability.io/vulnerability/CVE-2019-1879,Cisco Integrated Management Controller CLI Command Injection Vulnerability,"A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",Cisco,Cisco Unified Computing System (management Software),6.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1627,https://securityvulnerability.io/vulnerability/CVE-2019-1627,Cisco Integrated Management Controller Information Disclosure Vulnerability,"A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.",Cisco,Cisco Unified Computing System (management Software),6.5,MEDIUM,0.0010400000028312206,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0