Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco Unified Computing System |
Informations | |||
---|---|---|---|
Name | cisco-sa-20130424-ucsmulti | First vendor Publication | 2013-04-24 |
Vendor | Cisco | Last vendor Modification | 2013-04-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the vulnerabilities: * Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability Cisco has released free software updates that address these vulnerabilities. These vulnerabilities affect only Cisco UCS. Additional vulnerabilities that affect the NX-OS base operating system of UCS are described in Multiple Vulnerabilities in Cisco NX-OS-Based Products. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlF2hvUACgkQUddfH3/BbTrhHAD/c+Yr53D5RzalE4XWq08KKPjb GW4lA2LX+c6XA7lE3OkA/jHUbJ1303190tX/Xxv5+cSgnQoRBtFwtrIjzOWhcKz/ =l15l END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
20 % | CWE-287 | Improper Authentication |
20 % | CWE-264 | Permissions, Privileges, and Access Controls |
20 % | CWE-200 | Information Exposure |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-05-09 | IAVM : 2013-A-0099 - Multiple Vulnerabilities in Cisco Unified Computing System Severity : Category I - VMSKEY : V0037771 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-17 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20130424-ucsmulti.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:09 |
|
2013-11-11 12:37:32 |
|
2013-04-25 21:20:11 |
|
2013-04-24 21:18:41 |
|