A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco integrated management controller supervisor |
||
cisco ucs director 6.6.1.0 |
||
cisco ucs director express for big data 3.6.0.0 |
||
cisco ucs director express for big data 3.6.1.0 |
||
cisco ucs director express for big data |
||
cisco ucs director 6.6.0.0 |
||
cisco ucs director |
Plus UCS and other gear need updates Breaker, breaker. Apple's iOS 12.4 update breaks jailbreak break, un-breaks the break. 10-4
Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers. Switchzilla's latest patch bundle includes six alerts for what it rates as critical issues, including flaws in its Small Business 220 Series switches and UCS Director software. Combined with Cisco's fixes for 'high' and 'moderate' issues, the networking giant posted a total of 33 security alerts on Wednesday. For the Small Business 220 Switches, a pair of patches address CVE-201...