On Wednesday, Cisco informed customers that it has released fixes for 17 critical and high-severity vulnerabilities affecting some of its Unified Computing products.
Most of these vulnerabilities affect the Integrated Management Controller (IMC), which provides embedded server management capabilities for Cisco Unified Computing System (UCS) servers. Five of the security bugs also affect UCS Director and UCS Director Express for Big Data, while one issue impacts only UCS Director and UCS Director Express for Big Data.
The critical flaws are tracked as CVE-2019-1937, CVE-2019-1974, CVE-2019-1935 and CVE-2019-1938, and can be exploited by remote, unauthenticated attackers to gain elevated privileges, including administrator permissions, on the targeted system. Exploitation involves sending specially crafted requests and abusing default credentials.
As for the high-severity flaws, many require authentication for exploitation, but some can be exploited without authentication. They can be abused to cause a denial-of-service (DoS) condition, execute arbitrary commands with root privileges, make unauthorized changes to the system configuration, obtain sensitive configuration data, and escalate privileges.
Many of the vulnerabilities patched this week were found by Cisco itself, but some have been credited to Pedro Ribeiro, a researcher who uses the online name “bashis,” and a professional who wished to remain anonymous. External researchers have been credited for three of the four critical vulnerabilities.
Cisco says there is no indication that any of the flaws impacting UCS and IMC have been exploited for malicious purposes.
The networking giant also updated two previously published advisories on Wednesday to notify customers that it has become aware of public exploit code for two vulnerabilities in Small Business 220 series smart switches.