CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
89.5%
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.
The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall, to send crafted packets to the targeted device. This access requirement may reduce the likelihood of a successful exploit.
It is likely that recovering from a successful exploit would require a restart of the targeted device which would cause a temporary availability impact on other resources or traffic the device may provide to legitimate users. Cisco recommends utilizing an OS provided remote access method to properly shutdown the OS to prevent potential corruption of the OS before performing any recovery action if available.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_computing_system_software | any | cpe:2.3:a:cisco:unified_computing_system_software:any:*:*:*:*:*:*:* |