Lucene search

CiscoCVE-2021-1592

HistoryAug 25, 2021 - 8:15 p.m.

CVE-2021-1592

2021-08-2520:15:12

CWE-770

CWE-664

cisco

web.nvd.nist.gov

cisco

ucs manager

software

vulnerability

dos

ssh

sessions

cisco ucs manager

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.

Affected configurations

Nvd

Node

ciscounified_computing_systemRange4.0–4.0\(4m\)

ciscounified_computing_systemRange4.1–4.1\(3e\)

AND

ciscounified_computing_system_64108Match-

ciscounified_computing_system_6454Match-

VendorProductVersionCPE
ciscounified_computing_system*cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*
ciscounified_computing_system_64108-cpe:2.3:h:cisco:unified_computing_system_64108:-:*:*:*:*:*:*:*
ciscounified_computing_system_6454-cpe:2.3:h:cisco:unified_computing_system_6454:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_computing_system	*	cpe:2.3:a:cisco:unified_computing_system::::::::
cisco	unified_computing_system_64108	-	cpe:2.3:h:cisco:unified_computing_system_64108:-:::::::*
cisco	unified_computing_system_6454	-	cpe:2.3:h:cisco:unified_computing_system_6454:-:::::::*

CNA Affected

[
  {
    "product": "Cisco Unified Computing System (Managed)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVE-2021-1592