Multiple Vulnerabilities in Cisco Unified Computing System Advisory ID: cisco-sa-20130424-ucsmulti Revision 1.0 For Public Release 2013 April 24 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the vulnerabilities: * Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability * Cisco Unified Computing System IPMI Buffer Overflow Vulnerability * Cisco Unified Computing Management API Denial of Service Vulnerability * Cisco Unified Computing System Information Disclosure Vulnerability * Cisco Unified Computing System KVM Authentication Bypass Vulnerability Cisco has released free software updates that address these vulnerabilities. These vulnerabilities affect only Cisco UCS. Additional vulnerabilities that affect the NX-OS base operating system of UCS are described in Multiple Vulnerabilities in Cisco NX-OS-Based Products. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti