cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2020-26062,https://securityvulnerability.io/vulnerability/CVE-2020-26062,Cisco Integrated Management Controller Vulnerability Could Allow Unauthorized Access to Administrative User Accounts,"A vulnerability exists in Cisco Integrated Management Controller that could enable an unauthenticated, remote attacker to enumerate valid usernames in the application. This issue arises from variations in the authentication responses that the application generates during login attempts. By exploiting this vulnerability, an attacker could send crafted authentication requests, identifying valid administrative usernames. This information could lead to follow-up attacks targeting those accounts. Mitigation options are limited as there are no effective workarounds to address this vulnerability.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-18T16:06:00.592Z,0 CVE-2020-26063,https://securityvulnerability.io/vulnerability/CVE-2020-26063,Cisco Integrated Management Controller Vulnerability Allows Unauthorized Actions,"A vulnerability exists within the API endpoints of Cisco Integrated Management Controller, enabling authenticated, remote attackers to bypass authorization mechanisms. This weakness stems from inadequate authorization checks on the API endpoints, permitting attackers to send crafted malicious requests. Exploitation of this vulnerability potentially allows attackers to download sensitive files or modify specific configuration settings on the compromised system. It is critical to note that there are currently no available workarounds to mitigate this risk.",Cisco,Cisco Unified Computing System (managed),5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-18T16:05:53.165Z,0 CVE-2024-20280,https://securityvulnerability.io/vulnerability/CVE-2024-20280,Cisco UCS Central Software Vulnerability: Sensitive Information at Risk,"A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.",Cisco,Cisco Unified Computing System Central Software,6.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-31T15:15:05.000Z,,false,false,,2024-10-16T17:15:00.000Z,0 CVE-2024-20365,https://securityvulnerability.io/vulnerability/CVE-2024-20365,Cisco UCS B-Series Vulnerability: Command Injection Attacks and Elevated Privileges,"A security vulnerability exists within the Redfish API utilized in Cisco UCS B-Series, UCS Managed C-Series, and UCS X-Series Servers. The vulnerability is the result of inadequate input validation, allowing a remote attacker with administrative access to potentially execute crafted commands on the system. This exploit can lead to elevated privileges up to root level, compromising the integrity and security of the affected server. It is crucial for organizations using these products to implement security measures and apply any available patches to mitigate the risks associated with this vulnerability.",Cisco,Cisco Unified Computing System (managed),7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-02T16:52:46.381Z,0 CVE-2024-20295,https://securityvulnerability.io/vulnerability/CVE-2024-20295,Cisco IMC CLI Vulnerability Could Lead to Privilege Elevation,"A vulnerability exists within the command-line interface (CLI) of Cisco's Integrated Management Controller (IMC) that could permit authenticated local users to conduct command injection attacks. This flaw arises from the lack of adequate validation for user-provided input. If successfully exploited, an attacker with read-only or elevated privileges could craft CLI commands that manipulate the underlying operating system, potentially leading to a compromise of root-level privileges. Organizations utilizing affected versions of Cisco IMC should evaluate their security configurations and apply necessary mitigations to prevent potential exploits.",Cisco,"Cisco Unified Computing System (standalone),Cisco Unified Computing System E-series Software (ucse)",8.8,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-04-24T19:41:02.339Z,0 CVE-2024-20356,https://securityvulnerability.io/vulnerability/CVE-2024-20356,Cisco IMC Vulnerability Could Lead to Command Injection and Privilege Escalation,"A security vulnerability exists in the web-based management interface of Cisco's Integrated Management Controller, which presents a significant risk for systems utilizing this management platform. The flaw is attributed to inadequate validation of user input, allowing remote attackers with Administrator-level access to conduct command injection attacks. By exploiting this vulnerability, an attacker can send specially crafted commands to the management interface, potentially gaining unauthorized root access to the system. This can lead to complete control over the affected device, emphasizing the need for immediate attention and remediation to safeguard sensitive information and critical systems.",Cisco,"Cisco Unified Computing System (standalone),Cisco Unified Computing System E-series Software (ucse)",8.7,HIGH,0.0004299999854993075,false,,true,false,true,2024-04-18T17:04:18.000Z,true,false,false,,2024-04-24T19:40:33.312Z,0 CVE-2024-20294,https://securityvulnerability.io/vulnerability/CVE-2024-20294,Cisco FXOS Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).",Cisco,"Cisco Nx-os Software,Cisco Unified Computing System (managed),Cisco Firepower Extensible Operating System (fxos),Cisco Nx-os System Software In Aci Mode",6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0 CVE-2024-20344,https://securityvulnerability.io/vulnerability/CVE-2024-20344,Cisco UCS Fabric Interconnects Vulnerable to Denial of Service Attack,"A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-07-26T15:15:04.000Z,,false,false,,2024-02-29T01:43:00.000Z,0 CVE-2023-20200,https://securityvulnerability.io/vulnerability/CVE-2023-20200,Denial of Service Vulnerability in Cisco FXOS and UCS 6300 Series,"A vulnerability exists in the Simple Network Management Protocol (SNMP) service of certain Cisco devices, allowing an authenticated, remote attacker to induce a denial of service condition. This flaw arises from the improper handling of crafted SNMP requests, potentially leading to device reloads. Exploiting this vulnerability requires knowledge of the SNMP community string on SNMPv2c or earlier, or valid SNMP user credentials on SNMPv3.",Cisco,"Cisco Unified Computing System (Managed),Cisco Firepower Extensible Operating System (FXOS)",6.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-08-23T19:15:00.000Z,0 CVE-2023-20228,https://securityvulnerability.io/vulnerability/CVE-2023-20228,Cross-Site Scripting Vulnerability in Cisco Integrated Management Controller Interface,"A vulnerability has been identified in the web-based management interface of Cisco Integrated Management Controller (IMC). This issue stems from inadequate validation of user input, which could enable an unauthorized remote attacker to execute cross-site scripting (XSS) attacks against users interacting with the interface. By enticing a user to click on a specially crafted link, the attacker may run arbitrary script code within the user's browser or access sensitive data managed through the browser. This highlights the importance of input validation and safe browsing practices.",Cisco,"Cisco Identity Services Engine Software,Cisco Unified Computing System (Standalone),Cisco Unified Computing System E-Series Software (UCSE)",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T21:15:00.000Z,0 CVE-2023-20012,https://securityvulnerability.io/vulnerability/CVE-2023-20012,Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability,"A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.000539999979082495,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-02-23T00:00:00.000Z,0 CVE-2023-20015,https://securityvulnerability.io/vulnerability/CVE-2023-20015,"Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability","A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.",Cisco,Cisco Unified Computing System (managed),6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-10-28T17:15:04.000Z,,false,false,,2023-02-23T00:00:00.000Z,0 CVE-2023-20016,https://securityvulnerability.io/vulnerability/CVE-2023-20016,Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability,"A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.",Cisco,Cisco Unified Computing System (managed),6.3,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-02-23T00:00:00.000Z,0 CVE-2021-34736,https://securityvulnerability.io/vulnerability/CVE-2021-34736,Cisco Integrated Management Controller GUI Denial of Service Vulnerability,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0010499999625608325,false,,false,false,true,2024-08-04T02:15:22.000Z,,false,false,,2021-10-21T03:15:00.000Z,0 CVE-2021-1592,https://securityvulnerability.io/vulnerability/CVE-2021-1592,Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability,"A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.",Cisco,Cisco Unified Computing System (managed),4.3,MEDIUM,0.0009699999936856329,false,,false,false,true,2024-08-03T17:16:03.000Z,,false,false,,2021-08-25T00:00:00.000Z,0 CVE-2021-1397,https://securityvulnerability.io/vulnerability/CVE-2021-1397,Cisco Integrated Management Controller Open Redirect Vulnerability,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.",Cisco,Cisco Unified Computing System (standalone),4.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-03T17:15:54.000Z,,false,false,,2021-05-06T13:15:00.000Z,0 CVE-2021-1354,https://securityvulnerability.io/vulnerability/CVE-2021-1354,Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability,"A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.",Cisco,Cisco Unified Computing System Central Software,4.3,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-02-04T17:15:00.000Z,0 CVE-2020-3470,https://securityvulnerability.io/vulnerability/CVE-2020-3470,Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities,"Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).",Cisco,Cisco Unified Computing System (standalone),9.8,CRITICAL,0.0020000000949949026,false,,false,false,true,2024-08-04T08:16:42.000Z,,false,false,,2020-11-18T00:00:00.000Z,0 CVE-2020-3371,https://securityvulnerability.io/vulnerability/CVE-2020-3371,Cisco Integrated Management Controller Command Injection Vulnerability,"A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level.",Cisco,Cisco Unified Computing System (standalone),6.3,MEDIUM,0.001129999989643693,false,,false,false,true,2024-08-04T08:16:37.000Z,,false,false,,2020-11-06T19:15:00.000Z,0 CVE-2020-3504,https://securityvulnerability.io/vulnerability/CVE-2020-3504,Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability,"A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.",Cisco,Cisco Unified Computing System (managed),3.3,LOW,0.0004199999966658652,false,,false,false,true,2024-08-04T08:16:43.000Z,,false,false,,2020-08-27T16:15:00.000Z,0 CVE-2020-3241,https://securityvulnerability.io/vulnerability/CVE-2020-3241,Cisco UCS Director Path Traversal Vulnerability,"A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device.",Cisco,Cisco Unified Computing System (management Software),6.5,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-18T03:15:00.000Z,0 CVE-2020-3242,https://securityvulnerability.io/vulnerability/CVE-2020-3242,Cisco UCS Director Information Disclosure Vulnerability,"A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device.",Cisco,Cisco Unified Computing System (management Software),4.9,MEDIUM,0.0017800000496208668,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-18T03:15:00.000Z,0 CVE-2020-3173,https://securityvulnerability.io/vulnerability/CVE-2020-3173,Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability,"A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.",Cisco,Cisco Unified Computing System (managed),7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T08:16:28.000Z,,false,false,,2020-02-26T00:00:00.000Z,0 CVE-2020-3172,https://securityvulnerability.io/vulnerability/CVE-2020-3172,Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability,"A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.",Cisco,Cisco Unified Computing System (managed),8.8,HIGH,0.00279999990016222,false,,false,false,true,2024-08-04T08:16:28.000Z,,false,false,,2020-02-26T00:00:00.000Z,0 CVE-2020-3119,https://securityvulnerability.io/vulnerability/CVE-2020-3119,Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability,"A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",Cisco,Cisco Unified Computing System (managed),8.8,HIGH,0.0012400000123307109,false,,false,false,true,2024-08-04T08:16:25.000Z,,false,false,,2020-02-05T00:00:00.000Z,0