Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Unified Computing System multiple security vulnerabilities
Published:06.05.2013
Source:
SecurityVulns ID:13056
Type:remote
Threat Level:
8/10
Description:Buffer overflow, information leakage, authentication bypass, DoS.
Affected:CISCO : Unified Computing System 6100
 CISCO : Unified Computing System 6200
CVE:CVE-2013-1186 (Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.)
 CVE-2013-1185 (The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.)
 CVE-2013-1184 (The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.)
 CVE-2013-1183 (Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371.)
 CVE-2013-1182 (The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.)
Files:Multiple Vulnerabilities in Cisco Unified Computing System

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod