Vulnerabilites related to cisco - ucs_c420_m3
Vulnerability from fkie_nvd
Published
2020-11-18 19:15
Modified
2024-11-21 05:31
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHdVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHdVendor Advisory
Impacted products
Vendor Product Version
cisco enterprise_nfv_infrastructure_software *
cisco enterprise_network_compute_system_5100 -
cisco enterprise_network_compute_system_5400 -
cisco integrated_management_controller *
cisco c125_m5 -
cisco c220_m5 -
cisco c240_m5 -
cisco c480_m5 -
cisco c480_ml_m5 -
cisco integrated_management_controller *
cisco integrated_management_controller *
cisco integrated_management_controller *
cisco ucs_c220_m4 -
cisco ucs_c460_m4 -
cisco integrated_management_controller *
cisco ucs_c22_m3 -
cisco ucs_c220_m3 -
cisco ucs_c24_m3 -
cisco ucs_c240_m3 -
cisco ucs_c420_m3 -
cisco integrated_management_controller *
cisco ucs_e-series_m1 -
cisco ucs_e-series_m2 -
cisco ucs_e-series_m3 -
cisco integrated_management_controller *
cisco integrated_management_controller *
cisco ucs_s3260 -
cisco integrated_management_controller *
cisco ucs_s3160 -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A232F87-498C-4564-91FE-A09DD08FD8D6",
                     versionEndExcluding: "4.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:enterprise_network_compute_system_5100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C99F93F-96BC-486D-838A-0E91CCA2A506",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:enterprise_network_compute_system_5400:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4748E0D1-6976-402F-8845-BDA4959B7CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8296D38E-D127-4EEC-9E46-11649B17FA80",
                     versionEndIncluding: "4.0\\(4l\\)",
                     versionStartIncluding: "4.0\\(1a\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:c125_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "773F05F8-CF38-4CC8-9FC8-528789073FB2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:c220_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB5FBE2F-1920-48DC-8377-A4AD8202C123",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:c240_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4570063-4744-4CF0-AC99-14693E639191",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:c480_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5717A4D4-9CBB-4A7B-A974-76CABB54B2E4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:c480_ml_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFB191A5-B7D8-49C3-9CE9-F5CBD506D4C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38DCD8EC-49D3-42F5-B173-0A7292440D2C",
                     versionEndIncluding: "3.0\\(4q\\)",
                     versionStartIncluding: "3.0\\(1c\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB14CB04-F746-4223-8567-ED40E63D2B7A",
                     versionEndIncluding: "4.0\\(2l\\)",
                     versionStartIncluding: "4.0\\(1a\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716BFD71-D434-4004-B6CE-61AC0B3F5CDE",
                     versionEndIncluding: "4.1\\(1f\\)",
                     versionStartIncluding: "4.1\\(1c\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c220_m4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD45BB8A-BC47-4DFB-9027-93ACF0DA302B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c460_m4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6B4CF9E-A757-4F4B-931A-538FC2F5331A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38DCD8EC-49D3-42F5-B173-0A7292440D2C",
                     versionEndIncluding: "3.0\\(4q\\)",
                     versionStartIncluding: "3.0\\(1c\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c22_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE87B6DD-FDE4-4484-84C7-EAF383EB6BAC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c220_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5368DBDD-B482-4705-A186-6D5B5B21B754",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c24_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9403C407-8BE9-416E-94C0-3CB6F732C592",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c240_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CB75EF7-5889-4D6F-A488-F1EB30596F9F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c420_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF2C12B1-A75B-450A-BD31-53EF15F1F4A0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F24473F-4E6F-4B5D-8367-4A837D8A8CEE",
                     versionEndExcluding: "3.2.11.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_e-series_m1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0026BDC6-C453-4A83-962D-78A33726748F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_e-series_m2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7C917DE-E3EC-4D3C-BADD-9E4BFE374FE2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_e-series_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "56324B92-6441-4EB2-AF88-12381DCC2F1E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B593E934-6A3C-4500-9AEE-023E28A16A48",
                     versionEndIncluding: "4.0\\(4l\\)",
                     versionStartIncluding: "3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716BFD71-D434-4004-B6CE-61AC0B3F5CDE",
                     versionEndIncluding: "4.1\\(1f\\)",
                     versionStartIncluding: "4.1\\(1c\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38DCD8EC-49D3-42F5-B173-0A7292440D2C",
                     versionEndIncluding: "3.0\\(4q\\)",
                     versionStartIncluding: "3.0\\(1c\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_s3160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A7182D3-DC99-4CF2-BAFF-506AE6813D96",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en el subsistema API de Cisco Integrated Management Controller (IMC), podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario con privilegios root. Las vulnerabilidades son debido a comprobaciones de límites inapropiadas para determinada entrada suministrada por el usuario. Un atacante podría explotar estas vulnerabilidades mediante el envío una petición HTTP diseñada hacia el subsistema API de un sistema afectado. Cuando esta petición es procesada, puede ocurrir una condición de desbordamiento de búfer explotable. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario con privilegios root en el sistema operativo subyacente (SO)",
      },
   ],
   id: "CVE-2020-3470",
   lastModified: "2024-11-21T05:31:08.060",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-18T19:15:12.540",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-21 03:15
Modified
2024-11-21 06:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZhVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZhVendor Advisory
Impacted products
Vendor Product Version
cisco unified_computing_system *
cisco unified_computing_system *
cisco ucs_c125_m5 -
cisco ucs_c22_m3 -
cisco ucs_c220_m3 -
cisco ucs_c220_m4 -
cisco ucs_c220_m5 -
cisco ucs_c225_m6 -
cisco ucs_c24_m3 -
cisco ucs_c240_m3 -
cisco ucs_c240_m5 -
cisco ucs_c240_sd_m5 -
cisco ucs_c245_m6 -
cisco ucs_c260_m2 -
cisco ucs_c3160 -
cisco ucs_c3260 -
cisco ucs_c420_m3 -
cisco ucs_c4200 -
cisco ucs_c460_m2 -
cisco ucs_c460_m4 -
cisco ucs_c480_m5 -
cisco ucs_c480_ml_m5 -
cisco ucs_c890_m5 -
cisco unified_computing_system *
cisco ucs_s3260 -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A905D0-ACBA-453C-A517-CEB0D98E836C",
                     versionEndExcluding: "4.1\\(2g\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2988EA7D-D1B7-4A45-A7E1-F4CDCE8A449B",
                     versionEndExcluding: "4.2\\(1b\\)",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADD4A429-F168-460B-A964-8F1BD94C6387",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c22_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE87B6DD-FDE4-4484-84C7-EAF383EB6BAC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c220_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5368DBDD-B482-4705-A186-6D5B5B21B754",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c220_m4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD45BB8A-BC47-4DFB-9027-93ACF0DA302B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c220_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "855E1346-BACC-4485-9534-7C830FCFD54B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c225_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9C38B65-9A77-40BF-BE77-2B307A0AFC1D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c24_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9403C407-8BE9-416E-94C0-3CB6F732C592",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c240_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CB75EF7-5889-4D6F-A488-F1EB30596F9F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c240_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F262ADAB-74DC-466B-983A-C49E4BAC22C0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c240_sd_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9768750-2981-4F7B-82B5-8BB64FD5AAD5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c245_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B319520-A217-4070-ABAF-29DCE6EDB6D2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c260_m2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6B63849-1831-4564-9F9C-BDBDA267E9AF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c3160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E1C3AF7-DF08-494D-B3FA-001CC9114DC2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c3260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "22B85A56-2058-42C3-87EF-F9A7DD4726B1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c420_m3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF2C12B1-A75B-450A-BD31-53EF15F1F4A0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD25964B-08B7-477E-A507-5FE5EE7CD286",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c460_m2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1311C886-01AA-45DA-9479-0287C935DE91",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c460_m4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6B4CF9E-A757-4F4B-931A-538FC2F5331A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c480_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B0FA5-996F-4F25-8AAB-603CB46175F9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c480_ml_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E829EF2-3BFE-48CD-A0CE-8DFA20440EF7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_c890_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87A68188-3C0E-422A-A674-0E8BF18E7091",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DAF0295-8C01-4C4D-842E-46387B239C81",
                     versionEndExcluding: "4.1\\(3e\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FDC8A69-0914-44C1-8AEA-262E0A285C81",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Integrated Management Controller (IMC) Software podría permitir a un atacante remoto no autenticado causar el reinicio inesperado de la interfaz de administración basada en web. La vulnerabilidad es debido a que la interfaz de administración basada en web no comprueba suficientemente las entradas. Un atacante podría aprovechar esta vulnerabilidad mediante el envío de una petición HTTP diseñada a un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar el reinicio de la interfaz, resultando en una condición de denegación de servicio (DoS)",
      },
   ],
   id: "CVE-2021-34736",
   lastModified: "2024-11-21T06:11:04.973",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-21T03:15:06.890",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2020-3470
Vulnerability from cvelistv5
Published
2020-11-18 17:41
Modified
2024-11-13 17:37
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHdvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Unified Computing System (Standalone) Version: n/a
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:37:54.149Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3470",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T17:10:44.002733Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T17:37:58.871Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Computing System (Standalone)",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-11-18T17:41:18",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd",
            },
         ],
         source: {
            advisory: "cisco-sa-ucs-api-rce-UXwpeDHd",
            defect: [
               [
                  "CSCvu21215",
                  "CSCvu21222",
                  "CSCvu22429",
                  "CSCvu80203",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-11-18T16:00:00",
               ID: "CVE-2020-3470",
               STATE: "PUBLIC",
               TITLE: "Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Computing System (Standalone)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "9.8",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucs-api-rce-UXwpeDHd",
               defect: [
                  [
                     "CSCvu21215",
                     "CSCvu21222",
                     "CSCvu22429",
                     "CSCvu80203",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3470",
      datePublished: "2020-11-18T17:41:18.106724Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-13T17:37:58.871Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34736
Vulnerability from cvelistv5
Published
2021-10-21 02:50
Modified
2024-11-07 21:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZhvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Unified Computing System (Managed) Version: n/a
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.111Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34736",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:44:36.610487Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:46:33.524Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Computing System (Managed)",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-21T02:50:50",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh",
            },
         ],
         source: {
            advisory: "cisco-sa-imc-gui-dos-TZjrFyZh",
            defect: [
               [
                  "CSCvy91321",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Integrated Management Controller GUI Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-20T16:00:00",
               ID: "CVE-2021-34736",
               STATE: "PUBLIC",
               TITLE: "Cisco Integrated Management Controller GUI Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Computing System (Managed)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-imc-gui-dos-TZjrFyZh",
               defect: [
                  [
                     "CSCvy91321",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34736",
      datePublished: "2021-10-21T02:50:50.138911Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:46:33.524Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}