Multiple Vulnerabilities in Cisco Unified Computing System

2013-04-2416:00:00

tools.cisco.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.7%

JSON

Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the vulnerabilities:

Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability
Cisco Unified Computing System IPMI Buffer Overflow Vulnerability
Cisco Unified Computing Management API Denial of Service Vulnerability
Cisco Unified Computing System Information Disclosure Vulnerability
Cisco Unified Computing System KVM Authentication Bypass Vulnerability

Cisco has released software updates that address these vulnerabilities. These vulnerabilities affect only Cisco UCS. Additional vulnerabilities that affect the NX-OS base operating system of UCS are described in Multiple Vulnerabilities in Cisco NX-OS-Based Products.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti”]

Affected configurations

Vulners

Node

ciscounified_computing_system_directorMatchany

CPENameOperatorVersion
cisco unified computing system (managed)eqany
cisco unified computing system (standalone)eqany
cisco unified computing system (managed)eqany
cisco unified computing system (standalone)eqany

Name	Operator	Version
cisco unified computing system (managed)	eq	any
cisco unified computing system (standalone)	eq	any
cisco unified computing system (managed)	eq	any
cisco unified computing system (standalone)	eq	any