Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ucs_6536

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2024-20294
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 25.23%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:16
Updated-21 May, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180yc-fx3nexus_34180ycnexus_7700nexus_93240tc-fx2nexus_92300ycnexus_3524-x\/xlnexus_3232nexus_7004nexus_9364c-gxnexus_3408-snexus_93108tc-fx-24mds_9148snexus_9336pq_aci_spinenexus_6001pnexus_9516_switchnexus_3100vnexus_7000_supervisor_2enexus_93180yc-ex-24nexus_9516nexus_3064-32tmds_9216inexus_93128txnexus_9500rnexus_9804nexus_3400nexus_3172tqnexus_5672upnexus_7000_9-slotmds_9216nexus_3132q-x\/3132q-xlnexus_5596upnexus_9432pqnexus_92304qc_switchnexus_93180yc-fx3hnexus_34200yc-smunified_computing_systemnexus_93400ld-h1firepower_extensible_operating_systemnexus_3016nexus_93180yc-exnexus_93180yc-ex_switchnexus_93240yc-fx2nexus_3600nexus_9336pqnexus_9396pxnexus_93216tc-fx2nexus_7010firepower_9300_sm-48nexus_3548-xlnexus_93128tx_switchnexus_9500ucs_6248upnexus_3132q-vnexus_9636pqnexus_3172pq-xlmds_9700nexus_9716d-gxnexus_9500_supervisor_a\+nexus_7700_10-slotnexus_9348gc-fx3nexus_6000mds_9148tnexus_93108tc-fx3hnexus_3500_platformnexus_93180lc-exfirepower_4150nexus_6004nexus_3548-x\/xlnexus_7710nexus_9500_supervisor_b\+firepower_4112nexus_3264qnexus_6001nexus_9300nexus_9336c-fx2-enexus_3172pqnexus_9372px-enexus_5624qnexus_93180yc-fxnexus_6004xnexus_9372txnexus_7700_supervisor_2enexus_92160yc-xmds_9250imds_9140nexus_9336c-fx2nexus_7000_4-slotnexus_9500_4-slotnexus_9348gc-fxpucs_6296upnexus_93108tc-ex-24nexus_3524-xlmds_9132tnexus_9372pxnexus_93600cd-gxnexus_9332d-h2rnexus_3132q-xlnexus_9408nexus_9800ucs_6248_upfirepower_4125mds_9509nexus_9396tx_switchnexus_3132qmds_9148nexus_3432d-snexus_31108tc-vnexus_5648qucs_6536nexus_93360yc-fx2mds_9396tucs_6296_upnexus_3064-xnexus_5672up-16gnexus_7000_supervisor_2nexus_92348gc-xnexus_9272q_switchnexus_9272qfirepower_9300_sm-36nexus_9372tx-enexus_9372px_switchnexus_92300yc_switchnexus_9372tx_switchnexus_9221cnexus_3264c-emds_9200firepower_9300_sm-24nexus_9348d-gx2anexus_3064tnexus_7700_6-slotmds_9216anexus_3100-vnexus_9500_16-slotucs_64108firepower_9300_sm-40nexus_93108tc-fxnexus_93108tc-exnexus_3172nexus_9536pqnexus_3500nexus_3132q-xnexus_7700_supervisor_3enexus_93120tx_switchmds_9222inexus_93128nexus_3064xnexus_3232cnexus_3524-xnexus_9500_supervisor_bucs_6454mds_9706nexus_3064-tfirepower_9300_sm-56ucs_6324nexus_3132c-znexus_3100-znexus_9504nexus_7000nexus_7702nexus_3232c_nexus_3464cnexus_7000_10-slotnexus_9200ycnexus_93108tc-fx3nexus_7718nexus_3200nexus_9200nexus_3636c-rnexus_9332d-gx2bnexus_9348gc-fx3phnexus_3064nexus_56128pnexus_9332cnexus_3048mds_9500mds_9396snexus_6001tnexus_3172tq-32tnexus_93108tc-fx3pnexus_7000_18-slotnexus_93180lc-ex_switchnexus_9236cnexus_31108pc-vnexus_9364cnexus_9500_supervisor_anexus_9396px_switchnexus_5548upnexus_7009nexus_9500_8-slotnexus_7700_18-slotfirepower_4120nexus_9736pqnexus_93180yc-fx-24firepower_4145firepower_4115nexus_9336pq_acinexus_9808firepower_9300_sm-44mds_9710mds_9513nexus_9316d-gxnexus_7018nexus_9236c_switchnexus_9332pq_switchfirepower_4140nexus_9336pq_aci_spine_switchnexus_9364c-h1nexus_3016qnexus_3172pq\/pq-xlucs_6332mds_9134nexus_9332pqnexus_93180tc-exnexus_5548pnexus_7000_supervisor_1nexus_9000vnexus_9372tx-e_switchnexus_7706nexus_9364d-gx2anexus_3548-xnexus_31108pv-vnexus_3172tq-xlnexus_3548nexus_36180yc-rnexus_9396txnexus_92160yc_switchnexus_9508_switchmds_9506nexus_31128pqnexus_9372px-e_switchnexus_9232enexus_3524nx-osnexus_93120txnexus_5696qmds_9718firepower_4110nexus_9504_switchnexus_3164qnexus_92304qcnexus_5596tnexus_9508nexus_3100nexus_7700_2-slotucs_6332-16upnexus_93108tc-ex_switchnexus_93180yc-fx3sCisco Unified Computing System (Managed)Cisco Firepower Extensible Operating System (FXOS)Cisco NX-OS System Software in ACI ModeCisco NX-OS Software
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2024-20344
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:16
Updated-13 Aug, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-imm_management_packageucs_6454ucs_64108ucs_6536Cisco Unified Computing System (Managed)ucs_6454ucs_6536
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-20012
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-25 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6454_firmwareucs_central_softwareucs_64108_firmwarenexus_93180yc-fx3_firmwareucs_6454ucs_64108ucs_6536_firmwarenexus_93180yc-fx3snexus_93180yc-fx3nexus_93180yc-fx3s_firmwareucs_6536Cisco Unified Computing System (Managed)
CWE ID-CWE-287
Improper Authentication
CVE-2023-20015
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-28 Oct, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6454_firmwareucs_6300firepower_4150ucs_6332-16upucs_6300_firmwareucs_64108firepower_4110ucs_6248upfirepower_4125ucs_6296up_firmwareucs_64108_firmwareucs_central_softwarefirepower_9300_sm-44_x_3firepower_9300_sm-40ucs_6324ucs_6248up_firmwareucs_6332_firmwarefirepower_4120firepower_4145firepower_9300_sm-56firepower_9300_sm-56_x_3ucs_6536ucs_6332firepower_9300_sm-44firepower_4100ucs_6296upfirepower_9300_sm-24ucs_6536_firmwarefirepower_9300_sm-36ucs_6200firepower_extensible_operating_systemfirepower_9300_sm-48ucs_6324_firmwarefirepower_4112firepower_4140ucs_6454ucs_6332-16up_firmwareucs_6200_firmwarefirepower_4115Cisco Unified Computing System (Managed)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20016
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 16.87%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-25 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6454_firmwareucs_6300firepower_4150ucs_6332-16upucs_6300_firmwareucs_64108firepower_4110ucs_6248upfirepower_4125ucs_6296up_firmwareucs_64108_firmwareucs_central_softwarefxosfirepower_9300_sm-44_x_3firepower_9300_sm-40ucs_6324ucs_6248up_firmwareucs_6332_firmwarefirepower_4120firepower_4145firepower_9300_sm-56firepower_9300_sm-56_x_3ucs_6536ucs_6332firepower_9300_sm-44firepower_4100ucs_6296upfirepower_9300_sm-24ucs_6536_firmwarefirepower_9300_sm-36ucs_6200firepower_9300_sm-48ucs_6324_firmwarefirepower_4112firepower_4140ucs_6454ucs_6332-16up_firmwareucs_6200_firmwarefirepower_4115Cisco Unified Computing System (Managed)
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-330
Use of Insufficiently Random Values