{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Bei dem Cisco Unified Computing System (UCS) handelt es sich um eine Rechenzentrumsplattform, die Rechenleistung, Netzwerk, Storage-Zugriff und Virtualisierung in einem System zusammenführt.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Cisco Unified Computing System (UCS) ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, erweiterte Berechtigungen zu erlangen und Daten zu ändern.", "title" : "Angriff" }, { "category" : "general", "text" : "- CISCO Appliance", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-0524 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0524.json" }, { "category" : "self", "summary" : "WID-SEC-2026-0524 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0524" }, { "category" : "external", "summary" : "Cisco Security Advisory cisco-sa-ucsm-cmdinj-GvxLPeSB vom 2026-02-25", "url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-cmdinj-GvxLPeSB" }, { "category" : "external", "summary" : "Cisco Security Advisory cisco-sa-ucsm-afwae-mOgUfyLn vom 2026-02-25", "url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-afwae-mOgUfyLn" } ], "source_lang" : "en-US", "title" : "Cisco Unified Computing System (UCS) Manager Software: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-02-25T23:00:00.000+00:00", "generator" : { "date" : "2026-02-26T10:27:10.914+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-0524", "initial_release_date" : "2026-02-25T23:00:00.000+00:00", "revision_history" : [ { "date" : "2026-02-25T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "SW <4.3(6f)", "product" : { "name" : "Cisco Unified Computing System (UCS) SW <4.3(6f)", "product_id" : "T051226" } }, { "category" : "product_version", "name" : "SW 4.3(6f)", "product" : { "name" : "Cisco Unified Computing System (UCS) SW 4.3(6f)", "product_id" : "T051226-fixed", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:sw__4.3%25286f%2529" } } }, { "category" : "product_version_range", "name" : "SW <6.0(2)", "product" : { "name" : "Cisco Unified Computing System (UCS) SW <6.0(2)", "product_id" : "T051227" } }, { "category" : "product_version", "name" : "SW 6.0(2)", "product" : { "name" : "Cisco Unified Computing System (UCS) SW 6.0(2)", "product_id" : "T051227-fixed", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:sw__6.0%25282%2529" } } }, { "category" : "product_version", "name" : "6300 Series Fabric Interconnects", "product" : { "name" : "Cisco Unified Computing System (UCS) 6300 Series Fabric Interconnects", "product_id" : "T051228", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:6300_series_fabric_interconnects" } } }, { "category" : "product_version", "name" : "6400 Series Fabric Interconnects", "product" : { "name" : "Cisco Unified Computing System (UCS) 6400 Series Fabric Interconnects", "product_id" : "T051229", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:6400_series_fabric_interconnects" } } }, { "category" : "product_version", "name" : "6500 Series Fabric Interconnects", "product" : { "name" : "Cisco Unified Computing System (UCS) 6500 Series Fabric Interconnects", "product_id" : "T051230", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:6500_series_fabric_interconnects" } } }, { "category" : "product_version", "name" : "6600 Series Fabric Interconnects", "product" : { "name" : "Cisco Unified Computing System (UCS) 6600 Series Fabric Interconnects", "product_id" : "T051231", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:6600_series_fabric_interconnects" } } }, { "category" : "product_version", "name" : "X-Series Direct Fabric Interconnects 9108 100G", "product" : { "name" : "Cisco Unified Computing System (UCS) X-Series Direct Fabric Interconnects 9108 100G", "product_id" : "T051232", "product_identification_helper" : { "cpe" : "cpe:/h:cisco:unified_computing_system:x-series_direct_fabric_interconnects_9108_100g" } } } ], "category" : "product_name", "name" : "Unified Computing System (UCS)" } ], "category" : "vendor", "name" : "Cisco" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-20036", "product_status" : { "known_affected" : [ "T051230", "T051229", "T051228", "T051227", "T051226", "T051232", "T051231" ] }, "release_date" : "2026-02-25T23:00:00.000+00:00", "title" : "CVE-2026-20036" }, { "cve" : "CVE-2026-20037", "product_status" : { "known_affected" : [ "T051230", "T051229", "T051226", "T051232" ] }, "release_date" : "2026-02-25T23:00:00.000+00:00", "title" : "CVE-2026-20037" } ] }