Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCisco C125 M5
HWCiscowszystkie wersjeCisco C220 M5
HWCiscowszystkie wersjeCisco C240 M5
HWCiscowszystkie wersjeCisco C480 M5
HWCiscowszystkie wersjeCisco C480 Ml M5
HWCiscowszystkie wersjeCisco Enterprise Network Compute System 5100
HWCiscowszystkie wersjeCisco Enterprise Network Compute System 5400
HWCiscowszystkie wersjeCisco Enterprise Nfv Infrastructure Software
APPCisco< 4.4.1Cisco Integrated Management Controller
APPCisco< 3.2.11.34.0\(1a\) – 4.0\(4l\)3.0\(1c\) – 3.0\(4q\)4.0\(1a\) – 4.0\(2l\)4.1\(1c\) – 4.1\(1f\)3.1 – 4.0\(4l\)Cisco Ucs C220 M3
HWCiscowszystkie wersjeCisco Ucs C220 M4
HWCiscowszystkie wersjeCisco Ucs C22 M3
HWCiscowszystkie wersjeCisco Ucs C240 M3
HWCiscowszystkie wersjeCisco Ucs C24 M3
HWCiscowszystkie wersjeCisco Ucs C420 M3
HWCiscowszystkie wersjeCisco Ucs C460 M4
HWCiscowszystkie wersjeCisco Ucs E Series M1
HWCiscowszystkie wersjeCisco Ucs E Series M2
HWCiscowszystkie wersjeCisco Ucs E Series M3
HWCiscowszystkie wersjeCisco Ucs S3160
HWCiscowszystkie wersjeCisco Ucs S3260
HWCiscowszystkie wersje
Powiązane podatności
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to es...
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to es...
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to es...
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise ...