CVE-2014-3348

2014-09-1010:55:07

CWE-20

cisco

web.nvd.nist.gov

cve-2014-3348

integrated management controller

cisco

unified computing system

e-series blade servers

ssh

denial of service

imc hang

bug id cscuo69206

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

High

EPSS

0.022

Percentile

89.5%

JSON

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.

Affected configurations

Nvd

Node

ciscointegrated_management_controllerRange≤2.2.2

AND

ciscounified_computing_system_e140dMatch-

ciscounified_computing_system_e140dpMatch-

ciscounified_computing_system_e140s_m1Match-

ciscounified_computing_system_e140s_m2Match-

ciscounified_computing_system_e160dMatch-

ciscounified_computing_system_e160dpMatch-

ciscounified_computing_system_en120s_m2Match-

VendorProductVersionCPE
ciscointegrated_management_controller*cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*
ciscounified_computing_system_e140d-cpe:2.3:h:cisco:unified_computing_system_e140d:-:*:*:*:*:*:*:*
ciscounified_computing_system_e140dp-cpe:2.3:h:cisco:unified_computing_system_e140dp:-:*:*:*:*:*:*:*
ciscounified_computing_system_e140s_m1-cpe:2.3:h:cisco:unified_computing_system_e140s_m1:-:*:*:*:*:*:*:*
ciscounified_computing_system_e140s_m2-cpe:2.3:h:cisco:unified_computing_system_e140s_m2:-:*:*:*:*:*:*:*
ciscounified_computing_system_e160d-cpe:2.3:h:cisco:unified_computing_system_e160d:-:*:*:*:*:*:*:*
ciscounified_computing_system_e160dp-cpe:2.3:h:cisco:unified_computing_system_e160dp:-:*:*:*:*:*:*:*
ciscounified_computing_system_en120s_m2-cpe:2.3:h:cisco:unified_computing_system_en120s_m2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	integrated_management_controller	*	cpe:2.3:a:cisco:integrated_management_controller::::::::
cisco	unified_computing_system_e140d	-	cpe:2.3:h:cisco:unified_computing_system_e140d:-:::::::*
cisco	unified_computing_system_e140dp	-	cpe:2.3:h:cisco:unified_computing_system_e140dp:-:::::::*
cisco	unified_computing_system_e140s_m1	-	cpe:2.3:h:cisco:unified_computing_system_e140s_m1:-:::::::*
cisco	unified_computing_system_e140s_m2	-	cpe:2.3:h:cisco:unified_computing_system_e140s_m2:-:::::::*
cisco	unified_computing_system_e160d	-	cpe:2.3:h:cisco:unified_computing_system_e160d:-:::::::*
cisco	unified_computing_system_e160dp	-	cpe:2.3:h:cisco:unified_computing_system_e160dp:-:::::::*
cisco	unified_computing_system_en120s_m2	-	cpe:2.3:h:cisco:unified_computing_system_en120s_m2:-:::::::*