Vulnerabilites related to cisco - unified_computing_system_integrated_management_controller
cve-2013-1184
Vulnerability from cvelistv5
Published
2013-04-25 10:00
Modified
2024-09-16 17:22
Severity ?
EPSS score ?
Summary
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1184",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:22:47.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1185
Vulnerability from cvelistv5
Published
2013-04-25 10:00
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1185",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T19:25:27.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1186
Vulnerability from cvelistv5
Published
2013-04-25 10:00
Modified
2024-09-16 22:02
Severity ?
EPSS score ?
Summary
Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1186",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:02:16.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1182
Vulnerability from cvelistv5
Published
2013-04-25 10:00
Modified
2024-09-16 22:25
Severity ?
EPSS score ?
Summary
The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1182",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:30.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-04-25 10:55
Modified
2024-11-21 01:49
Severity ?
Summary
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB67F2CC-67A3-42B0-A241-3BAB8EC52AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "097EBEF0-8228-4034-93CC-F50226633D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75680C91-A1EF-4BE1-8D26-C4763E44A091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "44E4A6EA-FFBE-41C9-9A99-135FB9C1AD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "881A281B-F042-4662-973B-ECB9C536A0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D4CEC2A3-E00F-4DD9-A9A7-436131554733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC29BA47-A40A-4666-BF60-7949406C56DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6120xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908F8E5E-9BC4-4682-8C25-C07DB032A18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6140xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92F5E053-2C45-43F0-8A86-FB3C4C0B04E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6248up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6584DF3-E466-49BE-B4D8-3E249B7816F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6296up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD763C-BBA6-48EC-9CFF-A5F0DEF85756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_integrated_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F29BD7-06E5-4149-90CB-F9733D04AFF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206."
},
{
"lang": "es",
"value": "El API de gesti\u00f3n en el servicio de gesti\u00f3n de API XML en el componente Manager de Cisco Unified Computing System (UCS) v1.x antes v1.2 (1b), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n del servicio) a trav\u00e9s de una solicitud mal formada, tambi\u00e9n conocido como Bug ID CSCtg48206."
}
],
"id": "CVE-2013-1184",
"lastModified": "2024-11-21T01:49:04.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-25T10:55:01.723",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-25 10:55
Modified
2024-11-21 01:49
Severity ?
Summary
The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB67F2CC-67A3-42B0-A241-3BAB8EC52AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "097EBEF0-8228-4034-93CC-F50226633D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75680C91-A1EF-4BE1-8D26-C4763E44A091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "44E4A6EA-FFBE-41C9-9A99-135FB9C1AD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "881A281B-F042-4662-973B-ECB9C536A0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D4CEC2A3-E00F-4DD9-A9A7-436131554733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC29BA47-A40A-4666-BF60-7949406C56DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0CB4EB98-5F8D-4BC1-813C-397B7E82E891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2E8C881B-CAAC-40AB-A9BF-93495BAFE56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "20C079CC-34E2-4C8D-ABC9-6D76F4A22D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F2FDBA01-AE8E-4B06-9A4E-71CB16D3C592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "765CC42E-FAC8-43D6-9B40-B8CF7272C4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C0806ED-7F9C-4166-B47A-0381C215FF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76367743-6762-4C70-AFD7-4848E2FE3F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4857DF36-804A-4B2B-B2AA-37E8A0036F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B18FB5A-F569-413C-BA09-58C28EF9316C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1y\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41EC377E-7DAD-4E6C-AC3F-215B6EAB05D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BC44EDC-9AA3-4DAF-934E-5E36683EBAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "469AF1BD-4F2B-4830-99DD-A51EB562B559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B66B97A2-05E3-49B5-8CD7-9F85155AE911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E23273C6-256C-4541-ACB9-54AF6C167694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C863FFF-0BF7-40F2-B75C-FAFA7FCAF49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8AAB9E22-6D0A-4894-83F1-A61412DEEF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9234FFB6-7A06-44F5-8A66-2DCDBB750A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F730CFA8-7D04-47FC-80D0-D9A9A96442BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3y\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DD8F5ECD-BEB9-450A-8588-C66DB1749191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F587446E-72F2-476E-8122-417FBBE80803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(4g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "10359225-8D87-4B50-A431-4CF28A442431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B5E4EB6-2C64-4432-BEF7-125E6920F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(4j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "963ABB73-9FBC-411A-9498-4279E0A922EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ECB9171-BDD8-4FAD-9930-1CE03AD3DACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C126B-3C93-4CB1-8AE5-875866119A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "196AED55-BFF6-4EC3-9161-C06896E4B1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F4760A3-C8BE-4C7E-AC05-0ABEC8B57923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "66EF9AAC-6C24-43EA-BF46-A6B36F9F830E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46A54C70-DDA6-4A9B-A5A5-D9D413BFF44E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6120xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908F8E5E-9BC4-4682-8C25-C07DB032A18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6140xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92F5E053-2C45-43F0-8A86-FB3C4C0B04E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6248up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6584DF3-E466-49BE-B4D8-3E249B7816F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6296up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD763C-BBA6-48EC-9CFF-A5F0DEF85756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_integrated_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F29BD7-06E5-4149-90CB-F9733D04AFF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543."
},
{
"lang": "es",
"value": "La interfaz web en el componente Manager de Cisco Unified Computing System (UCS) v1.x y v2.x antes v2.0(2m) permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de un (1) archivo de paquete de soporte t\u00e9cnico o (2) el Respaldar la configuraci\u00f3n del equipo, tambi\u00e9n conocido como Bug ID CSCtq86543."
}
],
"id": "CVE-2013-1185",
"lastModified": "2024-11-21T01:49:04.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-25T10:55:01.750",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-25 10:55
Modified
2024-11-21 01:49
Severity ?
Summary
Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB67F2CC-67A3-42B0-A241-3BAB8EC52AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "097EBEF0-8228-4034-93CC-F50226633D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75680C91-A1EF-4BE1-8D26-C4763E44A091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "44E4A6EA-FFBE-41C9-9A99-135FB9C1AD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "881A281B-F042-4662-973B-ECB9C536A0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D4CEC2A3-E00F-4DD9-A9A7-436131554733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC29BA47-A40A-4666-BF60-7949406C56DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0CB4EB98-5F8D-4BC1-813C-397B7E82E891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2E8C881B-CAAC-40AB-A9BF-93495BAFE56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "20C079CC-34E2-4C8D-ABC9-6D76F4A22D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F2FDBA01-AE8E-4B06-9A4E-71CB16D3C592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "765CC42E-FAC8-43D6-9B40-B8CF7272C4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C0806ED-7F9C-4166-B47A-0381C215FF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76367743-6762-4C70-AFD7-4848E2FE3F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4857DF36-804A-4B2B-B2AA-37E8A0036F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B18FB5A-F569-413C-BA09-58C28EF9316C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1y\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41EC377E-7DAD-4E6C-AC3F-215B6EAB05D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BC44EDC-9AA3-4DAF-934E-5E36683EBAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "469AF1BD-4F2B-4830-99DD-A51EB562B559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B66B97A2-05E3-49B5-8CD7-9F85155AE911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E23273C6-256C-4541-ACB9-54AF6C167694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C863FFF-0BF7-40F2-B75C-FAFA7FCAF49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8AAB9E22-6D0A-4894-83F1-A61412DEEF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9234FFB6-7A06-44F5-8A66-2DCDBB750A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F730CFA8-7D04-47FC-80D0-D9A9A96442BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(3y\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DD8F5ECD-BEB9-450A-8588-C66DB1749191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C126B-3C93-4CB1-8AE5-875866119A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "196AED55-BFF6-4EC3-9161-C06896E4B1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F4760A3-C8BE-4C7E-AC05-0ABEC8B57923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "66EF9AAC-6C24-43EA-BF46-A6B36F9F830E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46A54C70-DDA6-4A9B-A5A5-D9D413BFF44E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6120xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908F8E5E-9BC4-4682-8C25-C07DB032A18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6140xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92F5E053-2C45-43F0-8A86-FB3C4C0B04E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6248up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6584DF3-E466-49BE-B4D8-3E249B7816F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6296up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD763C-BBA6-48EC-9CFF-A5F0DEF85756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_integrated_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F29BD7-06E5-4149-90CB-F9733D04AFF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746."
},
{
"lang": "es",
"value": "Cisco Unified Computing System (UCS) v1.x antes v1.4(4) y v2.x antes v2.0 (2m), permite a atacantes remotos evitar la autenticaci\u00f3n de KVM a trav\u00e9s de una solicitud de autenticaci\u00f3n dise\u00f1ada a una gesti\u00f3n integrada de Cisco Controller (IMC), tambi\u00e9n conocido como Bug ID CSCts53746 ."
}
],
"id": "CVE-2013-1186",
"lastModified": "2024-11-21T01:49:04.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-25T10:55:01.770",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-25 10:55
Modified
2024-11-21 01:49
Severity ?
Summary
The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D750A18-D9BA-4AA4-8DA5-CB38F0430996",
"versionEndIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75680C91-A1EF-4BE1-8D26-C4763E44A091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2E8C881B-CAAC-40AB-A9BF-93495BAFE56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "20C079CC-34E2-4C8D-ABC9-6D76F4A22D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F2FDBA01-AE8E-4B06-9A4E-71CB16D3C592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "765CC42E-FAC8-43D6-9B40-B8CF7272C4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C0806ED-7F9C-4166-B47A-0381C215FF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76367743-6762-4C70-AFD7-4848E2FE3F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4857DF36-804A-4B2B-B2AA-37E8A0036F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B18FB5A-F569-413C-BA09-58C28EF9316C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\\(1y\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41EC377E-7DAD-4E6C-AC3F-215B6EAB05D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6120xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908F8E5E-9BC4-4682-8C25-C07DB032A18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6140xp_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92F5E053-2C45-43F0-8A86-FB3C4C0B04E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6248up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6584DF3-E466-49BE-B4D8-3E249B7816F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_6296up_fabric_interconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD763C-BBA6-48EC-9CFF-A5F0DEF85756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unified_computing_system_integrated_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F29BD7-06E5-4149-90CB-F9733D04AFF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207."
},
{
"lang": "es",
"value": "La p\u00e1gina de inicio de sesi\u00f3n en la consola Web en el componente Administrador de Cisco Unified Computing System (UCS), antes de v1.0(2h) v1.1 antes de v1.1(1j), y v1.3(x), permite a atacantes remotos evitar la autenticaci\u00f3n LDAP a trav\u00e9s de una solicitud mal formada, tambi\u00e9n conocido como Bug ID CSCtc91207."
}
],
"id": "CVE-2013-1182",
"lastModified": "2024-11-21T01:49:03.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-25T10:55:01.683",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}