Lucene search

CiscoCVELIST:CVE-2021-1592

HistoryAug 25, 2021 - 7:11 p.m.

CVE-2021-1592 Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability

2021-08-2519:11:30

CWE-664

cisco

www.cve.org

cisco

ucs manager

ssh

dos

vulnerability

authentication

remote access

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.

CNA Affected

[
  {
    "product": "Cisco Unified Computing System (Managed)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVELIST:CVE-2021-1592