Cisco Unified Computing System — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Unified Computing System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2015-6435 — CVSS 9.8 (critical): An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before…
CVE-2019-1865 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2019-1907 — CVSS 8.8 (high): A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set…
CVE-2019-1864 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2018-0430 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2018-0431 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2021-1368 — CVSS 8.8 (high): A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an…
CVE-2021-1387 — CVSS 8.6 (high): A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service…
CVE-2012-4078 — CVSS 8.5 (high): The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which…
CVE-2019-1863 — CVSS 8.1 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2017-6600 — CVSS 7.8 (high): A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall…
CVE-2019-1966 — CVSS 7.8 (high): A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could…
CVE-2018-0338 — CVSS 7.8 (high): A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated…
CVE-2016-6402 — CVSS 7.8 (high): UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root…
CVE-2019-1883 — CVSS 7.8 (high): A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker…
CVE-2017-6597 — CVSS 7.8 (high): A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series…
CVE-2019-1908 — CVSS 7.5 (high): A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC)…
CVE-2015-0718 — CVSS 7.5 (high): Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows…
CVE-2017-6633 — CVSS 7.5 (high): A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker…
CVE-2019-1900 — CVSS 7.5 (high): A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause…
CVE-2015-4279 — CVSS 7.2 (high): The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for…
CVE-2019-1896 — CVSS 7.2 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote…
CVE-2019-1885 — CVSS 7.2 (high): A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to…
CVE-2019-1871 — CVSS 7.2 (high): A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated…
CVE-2019-1850 — CVSS 7.2 (high): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2019-1634 — CVSS 7.2 (high): A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an…
CVE-2014-8003 — CVSS 7.2 (high): Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via…
CVE-2015-4183 — CVSS 7.2 (high): Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID…
CVE-2015-6415 — CVSS 7.1 (high): Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU…
CVE-2017-6601 — CVSS 7.1 (high): A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall…
CVE-2012-4112 — CVSS 6.8 (medium): The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute…
CVE-2012-4109 — CVSS 6.8 (medium): The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges…
CVE-2012-4111 — CVSS 6.8 (medium): The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain…
CVE-2012-4102 — CVSS 6.8 (medium): The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain…
CVE-2012-4136 — CVSS 6.8 (medium): The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the…
CVE-2014-7996 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing…
CVE-2012-4084 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified…
CVE-2015-0633 — CVSS 6.8 (medium): The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote…
CVE-2012-4082 — CVSS 6.8 (medium): MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering…
CVE-2012-4106 — CVSS 6.8 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script…
CVE-2011-2569 — CVSS 6.8 (medium): Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line…
CVE-2012-4108 — CVSS 6.8 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary…
CVE-2012-4110 — CVSS 6.8 (medium): run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding…
CVE-2012-4103 — CVSS 6.8 (medium): ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding…
CVE-2017-6598 — CVSS 6.7 (medium): A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series…
CVE-2017-12341 — CVSS 6.7 (medium): A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection…
CVE-2017-12334 — CVSS 6.7 (medium): A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection…
CVE-2017-12333 — CVSS 6.7 (medium): A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a…
CVE-2017-12255 — CVSS 6.7 (medium): A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The…
CVE-2017-12331 — CVSS 6.7 (medium): A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a…
CVE-2019-1736 — CVSS 6.6 (medium): A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified…
CVE-2024-20294 — CVSS 6.6 (medium): A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an…
CVE-2012-4089 — CVSS 6.6 (medium): MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management…
CVE-2012-4104 — CVSS 6.6 (medium): Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System…
CVE-2024-20365 — CVSS 6.5 (medium): A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an…
CVE-2012-1313 — CVSS 6.5 (medium): The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed…
CVE-2019-1627 — CVSS 6.5 (medium): A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to…
CVE-2019-1879 — CVSS 6.4 (medium): A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary…
CVE-2017-12329 — CVSS 6.3 (medium): A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated…
CVE-2017-12335 — CVSS 6.3 (medium): A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection…
CVE-2012-4096 — CVSS 6.2 (medium): The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain…
CVE-2017-6604 — CVSS 6.1 (medium): A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote…
CVE-2017-12338 — CVSS 6.0 (medium): A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary…
CVE-2012-4073 — CVSS 5.8 (medium): The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows…
CVE-2012-4114 — CVSS 5.8 (medium): The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle…
CVE-2012-4115 — CVSS 5.8 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows…
CVE-2012-4074 — CVSS 5.8 (medium): The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded…
CVE-2012-4092 — CVSS 5.8 (medium): The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity…
CVE-2012-4117 — CVSS 5.8 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows…
CVE-2019-1630 — CVSS 5.5 (medium): A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated…
CVE-2012-4095 — CVSS 5.5 (medium): The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges…
CVE-2019-1725 — CVSS 5.5 (medium): A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an…
CVE-2019-1628 — CVSS 5.5 (medium): A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a…
CVE-2012-4094 — CVSS 5.4 (medium): Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers…
CVE-2021-34736 — CVSS 5.3 (medium): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an…
CVE-2021-1590 — CVSS 5.3 (medium): A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote…
CVE-2020-10136 — CVSS 5.3 (medium): IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable…
CVE-2020-26062 — CVSS 5.3 (medium): A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames…
CVE-2019-1629 — CVSS 5.3 (medium): A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote…
CVE-2019-1631 — CVSS 5.3 (medium): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated…
CVE-2012-4086 — CVSS 5.1 (medium): A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary…
CVE-2012-4087 — CVSS 5.1 (medium): A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary…
CVE-2015-6355 — CVSS 5.0 (medium): The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive…
CVE-2014-8009 — CVSS 5.0 (medium): The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by…
CVE-2012-4085 — CVSS 5.0 (medium): The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System…
CVE-2012-4079 — CVSS 5.0 (medium): The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial…
CVE-2013-1190 — CVSS 5.0 (medium): The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which…
CVE-2012-4081 — CVSS 4.6 (medium): MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service…
CVE-2019-1632 — CVSS 4.6 (medium): A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote…
CVE-2012-4113 — CVSS 4.6 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files…
CVE-2012-4107 — CVSS 4.6 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary…
CVE-2012-4105 — CVSS 4.6 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash)…
CVE-2013-5550 — CVSS 4.6 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted…
CVE-2012-4093 — CVSS 4.6 (medium): The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call…
CVE-2017-12332 — CVSS 4.4 (medium): A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary…
CVE-2017-6602 — CVSS 4.4 (medium): A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW)…
CVE-2012-4072 — CVSS 4.3 (medium): The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers…
CVE-2012-4088 — CVSS 4.3 (medium): The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for…
CVE-2015-4259 — CVSS 4.3 (medium): The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL…
CVE-2021-1592 — CVSS 4.3 (medium): A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial…
CVE-2015-0599 — CVSS 4.3 (medium): The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not…
CVE-2012-4116 — CVSS 4.3 (medium): The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers…
CVE-2017-12336 — CVSS 4.2 (medium): A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the…
CVE-2012-4083 — CVSS 4.0 (medium): Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to…