All the vulnerabilites related to Cisco - Cisco Unified Computing System (Managed)
cve-2023-20012
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-10-25 16:04
Severity ?
EPSS score ?
Summary
Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230223 Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:36:42.894823Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:04:09.781Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed) ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230223 Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx" } ], "source": { "advisory": "cisco-sa-elyfex-dos-gfvcByx", "defect": [ [ "CSCwc52750" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20012", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:04:09.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20294
Vulnerability from cvelistv5
Published
2024-02-28 16:16
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.
Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20294", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T18:49:22.444391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:18.434Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-lldp-dos-z7PncTgt", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0(2)A3(1)" }, { "status": "affected", "version": "6.0(2)A3(2)" }, { "status": "affected", "version": "6.0(2)A3(4)" }, { "status": "affected", "version": "6.0(2)A4(1)" }, { "status": "affected", "version": "6.0(2)A4(2)" }, { "status": "affected", "version": "6.0(2)A4(3)" }, { "status": "affected", "version": "6.0(2)A4(4)" }, { "status": "affected", "version": "6.0(2)A4(5)" }, { "status": "affected", "version": "6.0(2)A4(6)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)A7(1)" }, { "status": "affected", "version": "6.0(2)A7(1a)" }, { "status": "affected", "version": "6.0(2)A7(2)" }, { "status": "affected", "version": "6.0(2)A7(2a)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.0(2)U2(1)" }, { "status": "affected", "version": "6.0(2)U2(2)" }, { "status": "affected", "version": "6.0(2)U2(3)" }, { "status": "affected", "version": "6.0(2)U2(4)" }, { "status": "affected", "version": "6.0(2)U2(5)" }, { "status": "affected", "version": "6.0(2)U2(6)" }, { "status": "affected", "version": "6.0(2)U3(1)" }, { "status": "affected", "version": "6.0(2)U3(2)" }, { "status": "affected", "version": "6.0(2)U3(3)" }, { "status": "affected", "version": "6.0(2)U3(4)" }, { "status": "affected", "version": "6.0(2)U3(5)" }, { "status": "affected", "version": "6.0(2)U3(6)" }, { "status": "affected", "version": "6.0(2)U3(7)" }, { "status": "affected", "version": "6.0(2)U3(8)" }, { "status": "affected", "version": "6.0(2)U3(9)" }, { "status": "affected", "version": "6.0(2)U4(1)" }, { "status": "affected", "version": "6.0(2)U4(2)" }, { "status": "affected", "version": "6.0(2)U4(3)" }, { "status": "affected", "version": "6.0(2)U4(4)" }, { "status": "affected", "version": "6.0(2)U5(1)" }, { "status": "affected", "version": "6.0(2)U5(2)" }, { "status": "affected", "version": "6.0(2)U5(3)" }, { "status": "affected", "version": "6.0(2)U5(4)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.0(3)I2(2a)" }, { "status": "affected", "version": "7.0(3)I2(2b)" }, { "status": "affected", "version": "7.0(3)I2(2c)" }, { "status": "affected", "version": "7.0(3)I2(2d)" }, { "status": "affected", "version": "7.0(3)I2(2e)" }, { "status": "affected", "version": "7.0(3)I2(3)" }, { "status": "affected", "version": "7.0(3)I2(4)" }, { "status": "affected", "version": "7.0(3)I2(5)" }, { "status": "affected", "version": "7.0(3)I2(1)" }, { "status": "affected", "version": "7.0(3)I2(1a)" }, { "status": "affected", "version": "7.0(3)I2(2)" }, { "status": "affected", "version": "7.0(3)I3(1)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "8.2(10)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "7.3(13)N1(1)" } ] }, { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.1(1e)" }, { "status": "affected", "version": "3.1(1g)" }, { "status": "affected", "version": "3.1(1h)" }, { "status": "affected", "version": "3.1(1k)" }, { "status": "affected", "version": "3.1(1l)" }, { "status": "affected", "version": "3.1(2b)" }, { "status": "affected", "version": "3.1(2c)" }, { "status": "affected", "version": "3.1(2e)" }, { "status": "affected", "version": "3.1(2f)" }, { "status": "affected", "version": "3.1(2g)" }, { "status": "affected", "version": "3.1(2h)" }, { "status": "affected", "version": "3.1(3a)" }, { "status": "affected", "version": "3.1(3b)" }, { "status": "affected", "version": "3.1(3c)" }, { "status": "affected", "version": "3.1(3d)" }, { "status": "affected", "version": "3.1(3e)" }, { "status": "affected", "version": "3.1(3f)" }, { "status": "affected", "version": "3.1(3h)" }, { "status": "affected", "version": "3.1(3j)" }, { "status": "affected", "version": "3.1(3k)" }, { "status": "affected", "version": "3.1(2d)" }, { "status": "affected", "version": "3.1(3l)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "3.2(3p)" }, { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.0(4k)" }, { "status": "affected", "version": "4.0(4l)" }, { "status": "affected", "version": "4.0(4m)" }, { "status": "affected", "version": "4.0(4n)" }, { "status": "affected", "version": "4.0(4o)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.1(3l)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.2(2e)" }, { "status": "affected", "version": "4.2(3d)" }, { "status": "affected", "version": "4.2(3e)" }, { "status": "affected", "version": "4.2(3g)" }, { "status": "affected", "version": "4.2(3h)" }, { "status": "affected", "version": "4.2(3i)" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.2.2.71" }, { "status": "affected", "version": "2.2.2.83" }, { "status": "affected", "version": "2.2.2.86" }, { "status": "affected", "version": "2.2.2.91" }, { "status": "affected", "version": "2.2.2.97" }, { "status": "affected", "version": "2.2.2.101" }, { "status": "affected", "version": "2.2.2.137" }, { "status": "affected", "version": "2.2.2.148" }, { "status": "affected", "version": "2.2.2.149" }, { "status": "affected", "version": "2.3.1.99" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.130" }, { "status": "affected", "version": "2.3.1.111" }, { "status": "affected", "version": "2.3.1.110" }, { "status": "affected", "version": "2.3.1.144" }, { "status": "affected", "version": "2.3.1.145" }, { "status": "affected", "version": "2.3.1.155" }, { "status": "affected", "version": "2.3.1.166" }, { "status": "affected", "version": "2.3.1.173" }, { "status": "affected", "version": "2.3.1.179" }, { "status": "affected", "version": "2.3.1.180" }, { "status": "affected", "version": "2.3.1.56" }, { "status": "affected", "version": "2.3.1.190" }, { "status": "affected", "version": "2.3.1.215" }, { "status": "affected", "version": "2.3.1.216" }, { "status": "affected", "version": "2.3.1.219" }, { "status": "affected", "version": "2.3.1.230" }, { "status": "affected", "version": "2.6.1.131" }, { "status": "affected", "version": "2.6.1.157" }, { "status": "affected", "version": "2.6.1.166" }, { "status": "affected", "version": "2.6.1.169" }, { "status": "affected", "version": "2.6.1.174" }, { "status": "affected", "version": "2.6.1.187" }, { "status": "affected", "version": "2.6.1.192" }, { "status": "affected", "version": "2.6.1.204" }, { "status": "affected", "version": "2.6.1.214" }, { "status": "affected", "version": "2.6.1.224" }, { "status": "affected", "version": "2.6.1.229" }, { "status": "affected", "version": "2.6.1.230" }, { "status": "affected", "version": "2.6.1.238" }, { "status": "affected", "version": "2.6.1.239" }, { "status": "affected", "version": "2.6.1.254" }, { "status": "affected", "version": "2.6.1.259" }, { "status": "affected", "version": "2.6.1.264" }, { "status": "affected", "version": "2.6.1.265" }, { "status": "affected", "version": "2.8.1.105" }, { "status": "affected", "version": "2.8.1.125" }, { "status": "affected", "version": "2.8.1.139" }, { "status": "affected", "version": "2.8.1.143" }, { "status": "affected", "version": "2.8.1.152" }, { "status": "affected", "version": "2.8.1.162" }, { "status": "affected", "version": "2.8.1.164" }, { "status": "affected", "version": "2.8.1.172" }, { "status": "affected", "version": "2.8.1.186" }, { "status": "affected", "version": "2.8.1.190" }, { "status": "affected", "version": "2.8.1.198" }, { "status": "affected", "version": "2.9.1.131" }, { "status": "affected", "version": "2.9.1.135" }, { "status": "affected", "version": "2.9.1.143" }, { "status": "affected", "version": "2.9.1.150" }, { "status": "affected", "version": "2.9.1.158" }, { "status": "affected", "version": "2.10.1.159" }, { "status": "affected", "version": "2.10.1.166" }, { "status": "affected", "version": "2.10.1.179" }, { "status": "affected", "version": "2.10.1.207" }, { "status": "affected", "version": "2.10.1.234" }, { "status": "affected", "version": "2.10.1.245" }, { "status": "affected", "version": "2.10.1.271" }, { "status": "affected", "version": "2.11.1.154" }, { "status": "affected", "version": "2.11.1.182" }, { "status": "affected", "version": "2.11.1.200" }, { "status": "affected", "version": "2.11.1.205" }, { "status": "affected", "version": "2.12.0.31" }, { "status": "affected", "version": "2.12.0.432" }, { "status": "affected", "version": "2.12.0.450" }, { "status": "affected", "version": "2.12.0.467" }, { "status": "affected", "version": "2.12.0.498" }, { "status": "affected", "version": "2.12.1.29" }, { "status": "affected", "version": "2.12.1.48" }, { "status": "affected", "version": "2.13.0.198" }, { "status": "affected", "version": "2.13.0.212" }, { "status": "affected", "version": "2.13.0.243" }, { "status": "affected", "version": "2.14.1.131" } ] }, { "product": "Cisco NX-OS System Software in ACI Mode", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1m)" }, { "status": "affected", "version": "12.0(2g)" }, { "status": "affected", "version": "12.0(1n)" }, { "status": "affected", "version": "12.0(1o)" }, { "status": "affected", "version": "12.0(1p)" }, { "status": "affected", "version": "12.0(1q)" }, { "status": "affected", "version": "12.0(2h)" }, { "status": "affected", "version": "12.0(2l)" }, { "status": "affected", "version": "12.0(2m)" }, { "status": "affected", "version": "12.0(2n)" }, { "status": "affected", "version": "12.0(2o)" }, { "status": "affected", "version": "12.0(2f)" }, { "status": "affected", "version": "12.0(1r)" }, { "status": "affected", "version": "12.1(1h)" }, { "status": "affected", "version": "12.1(2e)" }, { "status": "affected", "version": "12.1(3g)" }, { "status": "affected", "version": "12.1(4a)" }, { "status": "affected", "version": "12.1(1i)" }, { "status": "affected", "version": "12.1(2g)" }, { "status": "affected", "version": "12.1(2k)" }, { "status": "affected", "version": "12.1(3h)" }, { "status": "affected", "version": "12.1(3j)" }, { "status": "affected", "version": "12.2(1n)" }, { "status": "affected", "version": "12.2(2e)" }, { "status": "affected", "version": "12.2(3j)" }, { "status": "affected", "version": "12.2(4f)" }, { "status": "affected", "version": "12.2(4p)" }, { "status": "affected", "version": "12.2(3p)" }, { "status": "affected", "version": "12.2(3r)" }, { "status": "affected", "version": "12.2(3s)" }, { "status": "affected", "version": "12.2(3t)" }, { "status": "affected", "version": "12.2(2f)" }, { "status": "affected", "version": "12.2(2i)" }, { "status": "affected", "version": "12.2(2j)" }, { "status": "affected", "version": "12.2(2k)" }, { "status": "affected", "version": "12.2(2q)" }, { "status": "affected", "version": "12.2(1o)" }, { "status": "affected", "version": "12.2(4q)" }, { "status": "affected", "version": "12.2(4r)" }, { "status": "affected", "version": "12.3(1e)" }, { "status": "affected", "version": "12.3(1f)" }, { "status": "affected", "version": "12.3(1i)" }, { "status": "affected", "version": "12.3(1l)" }, { "status": "affected", "version": "12.3(1o)" }, { "status": "affected", "version": "12.3(1p)" }, { "status": "affected", "version": "13.0(1k)" }, { "status": "affected", "version": "13.0(2h)" }, { "status": "affected", "version": "13.0(2k)" }, { "status": "affected", "version": "13.0(2n)" }, { "status": "affected", "version": "13.1(1i)" }, { "status": "affected", "version": "13.1(2m)" }, { "status": "affected", "version": "13.1(2o)" }, { "status": "affected", "version": "13.1(2p)" }, { "status": "affected", "version": "13.1(2q)" }, { "status": "affected", "version": "13.1(2s)" }, { "status": "affected", "version": "13.1(2t)" }, { "status": "affected", "version": "13.1(2u)" }, { "status": "affected", "version": "13.1(2v)" }, { "status": "affected", "version": "13.2(1l)" }, { "status": "affected", "version": "13.2(1m)" }, { "status": "affected", "version": "13.2(2l)" }, { "status": "affected", "version": "13.2(2o)" }, { "status": "affected", "version": "13.2(3i)" }, { "status": "affected", "version": "13.2(3n)" }, { "status": "affected", "version": "13.2(3o)" }, { "status": "affected", "version": "13.2(3r)" }, { "status": "affected", "version": "13.2(4d)" }, { "status": "affected", "version": "13.2(4e)" }, { "status": "affected", "version": "13.2(3s)" }, { "status": "affected", "version": "13.2(5d)" }, { "status": "affected", "version": "13.2(5e)" }, { "status": "affected", "version": "13.2(5f)" }, { "status": "affected", "version": "13.2(6i)" }, { "status": "affected", "version": "13.2(7f)" }, { "status": "affected", "version": "13.2(7k)" }, { "status": "affected", "version": "13.2(9b)" }, { "status": "affected", "version": "13.2(9f)" }, { "status": "affected", "version": "13.2(9h)" }, { "status": "affected", "version": "13.2(10e)" }, { "status": "affected", "version": "13.2(10f)" }, { "status": "affected", "version": "13.2(10g)" }, { "status": "affected", "version": "14.0(1h)" }, { "status": "affected", "version": "14.0(2c)" }, { "status": "affected", "version": "14.0(3d)" }, { "status": "affected", "version": "14.0(3c)" }, { "status": "affected", "version": "14.1(1i)" }, { "status": "affected", "version": "14.1(1j)" }, { "status": "affected", "version": "14.1(1k)" }, { "status": "affected", "version": "14.1(1l)" }, { "status": "affected", "version": "14.1(2g)" }, { "status": "affected", "version": "14.1(2m)" }, { "status": "affected", "version": "14.1(2o)" }, { "status": "affected", "version": "14.1(2s)" }, { "status": "affected", "version": "14.1(2u)" }, { "status": "affected", "version": "14.1(2w)" }, { "status": "affected", "version": "14.1(2x)" }, { "status": "affected", "version": "14.2(1i)" }, { "status": "affected", "version": "14.2(1j)" }, { "status": "affected", "version": "14.2(1l)" }, { "status": "affected", "version": "14.2(2e)" }, { "status": "affected", "version": "14.2(2f)" }, { "status": "affected", "version": "14.2(2g)" }, { "status": "affected", "version": "14.2(3j)" }, { "status": "affected", "version": "14.2(3l)" }, { "status": "affected", "version": "14.2(3n)" }, { "status": "affected", "version": "14.2(3q)" }, { "status": "affected", "version": "14.2(4i)" }, { "status": "affected", "version": "14.2(4k)" }, { "status": "affected", "version": "14.2(4o)" }, { "status": "affected", "version": "14.2(4p)" }, { "status": "affected", "version": "14.2(5k)" }, { "status": "affected", "version": "14.2(5l)" }, { "status": "affected", "version": "14.2(5n)" }, { "status": "affected", "version": "14.2(6d)" }, { "status": "affected", "version": "14.2(6g)" }, { "status": "affected", "version": "14.2(6h)" }, { "status": "affected", "version": "14.2(6l)" }, { "status": "affected", "version": "14.2(7f)" }, { "status": "affected", "version": "14.2(7l)" }, { "status": "affected", "version": "14.2(6o)" }, { "status": "affected", "version": "14.2(7q)" }, { "status": "affected", "version": "14.2(7r)" }, { "status": "affected", "version": "14.2(7s)" }, { "status": "affected", "version": "14.2(7t)" }, { "status": "affected", "version": "14.2(7u)" }, { "status": "affected", "version": "14.2(7v)" }, { "status": "affected", "version": "14.2(7w)" }, { "status": "affected", "version": "15.0(1k)" }, { "status": "affected", "version": "15.0(1l)" }, { "status": "affected", "version": "15.0(2e)" }, { "status": "affected", "version": "15.0(2h)" }, { "status": "affected", "version": "15.1(1h)" }, { "status": "affected", "version": "15.1(2e)" }, { "status": "affected", "version": "15.1(3e)" }, { "status": "affected", "version": "15.1(4c)" }, { "status": "affected", "version": "15.2(1g)" }, { "status": "affected", "version": "15.2(2e)" }, { "status": "affected", "version": "15.2(2f)" }, { "status": "affected", "version": "15.2(2g)" }, { "status": "affected", "version": "15.2(2h)" }, { "status": "affected", "version": "15.2(3e)" }, { "status": "affected", "version": "15.2(3f)" }, { "status": "affected", "version": "15.2(3g)" }, { "status": "affected", "version": "15.2(4d)" }, { "status": "affected", "version": "15.2(4e)" }, { "status": "affected", "version": "15.2(5c)" }, { "status": "affected", "version": "15.2(5d)" }, { "status": "affected", "version": "15.2(5e)" }, { "status": "affected", "version": "15.2(4f)" }, { "status": "affected", "version": "15.2(6e)" }, { "status": "affected", "version": "15.2(6g)" }, { "status": "affected", "version": "15.2(7f)" }, { "status": "affected", "version": "15.2(7g)" }, { "status": "affected", "version": "15.2(8d)" }, { "status": "affected", "version": "15.2(8e)" }, { "status": "affected", "version": "15.2(8f)" }, { "status": "affected", "version": "15.2(8g)" }, { "status": "affected", "version": "16.0(1g)" }, { "status": "affected", "version": "16.0(1j)" }, { "status": "affected", "version": "16.0(2h)" }, { "status": "affected", "version": "16.0(2j)" }, { "status": "affected", "version": "16.0(3d)" }, { "status": "affected", "version": "16.0(3e)" }, { "status": "affected", "version": "15.3(1d)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.\r\n\r Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol)." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-805", "description": "Buffer Access with Incorrect Length Value", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:16:56.717Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-lldp-dos-z7PncTgt", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt" } ], "source": { "advisory": "cisco-sa-nxos-lldp-dos-z7PncTgt", "defects": [ "CSCwf67412", "CSCwf67468", "CSCwi31871", "CSCwe86457", "CSCwf67408", "CSCwf67409", "CSCwf67411", "CSCwi29934" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20294", "datePublished": "2024-02-28T16:16:56.717Z", "dateReserved": "2023-11-08T15:08:07.629Z", "dateUpdated": "2024-08-01T21:59:41.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34736
Vulnerability from cvelistv5
Published
2021-10-21 02:50
Modified
2024-11-07 21:46
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller GUI Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:48.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-34736", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:44:36.610487Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T21:46:33.524Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-21T02:50:50", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh" } ], "source": { "advisory": "cisco-sa-imc-gui-dos-TZjrFyZh", "defect": [ [ "CSCvy91321" ] ], "discovery": "INTERNAL" }, "title": "Cisco Integrated Management Controller GUI Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-10-20T16:00:00", "ID": "CVE-2021-34736", "STATE": "PUBLIC", "TITLE": "Cisco Integrated Management Controller GUI Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh" } ] }, "source": { "advisory": "cisco-sa-imc-gui-dos-TZjrFyZh", "defect": [ [ "CSCvy91321" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-34736", "datePublished": "2021-10-21T02:50:50.138911Z", "dateReserved": "2021-06-15T00:00:00", "dateUpdated": "2024-11-07T21:46:33.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1880
Vulnerability from cvelistv5
Published
2019-06-05 16:30
Modified
2024-11-21 19:22
Severity ?
EPSS score ?
Summary
Cisco Unified Computing System BIOS Signature Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108680 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190605 Cisco Unified Computing System BIOS Signature Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass" }, { "name": "108680", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108680" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1880", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-21T18:58:15.273798Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T19:22:52.735Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "4.0(4c)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-07T10:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190605 Cisco Unified Computing System BIOS Signature Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass" }, { "name": "108680", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108680" } ], "source": { "advisory": "cisco-sa-20190605-ucs-biossig-bypass", "defect": [ [ "CSCvp12824", "CSCvp12840" ] ], "discovery": "INTERNAL" }, "title": "Cisco Unified Computing System BIOS Signature Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-06-05T16:00:00-0700", "ID": "CVE-2019-1880", "STATE": "PUBLIC", "TITLE": "Cisco Unified Computing System BIOS Signature Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.0(4c)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.4", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-345" } ] } ] }, "references": { "reference_data": [ { "name": "20190605 Cisco Unified Computing System BIOS Signature Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass" }, { "name": "108680", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108680" } ] }, "source": { "advisory": "cisco-sa-20190605-ucs-biossig-bypass", "defect": [ [ "CSCvp12824", "CSCvp12840" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1880", "datePublished": "2019-06-05T16:30:23.473763Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-21T19:22:52.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20016
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-10-25 16:04
Severity ?
EPSS score ?
Summary
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230223 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20016", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:36:41.126540Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:04:01.210Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed) ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230223 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA" } ], "source": { "advisory": "cisco-sa-ucsm-bkpsky-H8FCQgsA", "defect": [ [ "CSCvm53827", "CSCwc01592" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20016", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:04:01.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3119
Vulnerability from cvelistv5
Published
2020-02-05 17:45
Modified
2024-11-15 17:42
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce | vendor-advisory, x_refsource_CISCO | |
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200205 Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3119", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:25:08.322696Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:42:33.555Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "9.3(2)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-05T18:06:05", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200205 Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html" } ], "source": { "advisory": "cisco-sa-20200205-nxos-cdp-rce", "defect": [ [ "CSCvr09175", "CSCvr09531", "CSCvr09539", "CSCvr09544", "CSCvr09555" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-05T16:00:00-0800", "ID": "CVE-2020-3119", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.3(2)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "20200205 Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce" }, { "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html" } ] }, "source": { "advisory": "cisco-sa-20200205-nxos-cdp-rce", "defect": [ [ "CSCvr09175", "CSCvr09531", "CSCvr09539", "CSCvr09544", "CSCvr09555" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3119", "datePublished": "2020-02-05T17:45:15.813799Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:42:33.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3172
Vulnerability from cvelistv5
Published
2020-02-26 16:50
Modified
2024-11-15 17:38
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200226 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3172", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:25:00.721656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:38:15.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-26T16:50:40", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200226 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp" } ], "source": { "advisory": "cisco-sa-20200226-fxos-nxos-cdp", "defect": [ [ "CSCux07556", "CSCux58226", "CSCvr31410", "CSCvr37146", "CSCvr37148", "CSCvr37150", "CSCvr37151" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-26T16:00:00-0800", "ID": "CVE-2020-3172", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20200226 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp" } ] }, "source": { "advisory": "cisco-sa-20200226-fxos-nxos-cdp", "defect": [ [ "CSCux07556", "CSCux58226", "CSCvr31410", "CSCvr37146", "CSCvr37148", "CSCvr37150", "CSCvr37151" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3172", "datePublished": "2020-02-26T16:50:40.700230Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:38:15.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3504
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-11-13 18:10
Severity ?
EPSS score ?
Summary
Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:37:54.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200826 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3504", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:24:18.362716Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:10:32.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-664", "description": "CWE-664", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:40:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200826 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe" } ], "source": { "advisory": "cisco-sa-ucs-cli-dos-GQUxCnTe", "defect": [ [ "CSCvr91760" ] ], "discovery": "INTERNAL" }, "title": "Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-08-26T16:00:00", "ID": "CVE-2020-3504", "STATE": "PUBLIC", "TITLE": "Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "3.3", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-664" } ] } ] }, "references": { "reference_data": [ { "name": "20200826 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe" } ] }, "source": { "advisory": "cisco-sa-ucs-cli-dos-GQUxCnTe", "defect": [ [ "CSCvr91760" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3504", "datePublished": "2020-08-27T15:40:13.292875Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:10:32.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20015
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-10-28 16:33
Severity ?
EPSS score ?
Summary
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230223 Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxfp-cmdinj-XXBZjtR" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T16:19:24.685336Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T16:33:53.572Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed) ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230223 Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxfp-cmdinj-XXBZjtR" } ], "source": { "advisory": "cisco-sa-nxfp-cmdinj-XXBZjtR", "defect": [ [ "CSCwc52151", "CSCwd11206", "CSCwd11228" ] ], "discovery": "INTERNAL" }, "title": "Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20015", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-28T16:33:53.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1966
Vulnerability from cvelistv5
Published
2019-08-29 21:45
Modified
2024-11-20 17:11
Severity ?
EPSS score ?
Summary
Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:35:52.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190828 Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1966", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:52:00.820852Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:11:02.856Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "4.0(2a)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-29T21:45:26", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190828 Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation" } ], "source": { "advisory": "cisco-sa-20190828-ucs-privescalation", "defect": [ [ "CSCvm77243", "CSCvm80093" ] ], "discovery": "INTERNAL" }, "title": "Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-28T16:00:00-0700", "ID": "CVE-2019-1966", "STATE": "PUBLIC", "TITLE": "Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.0(2a)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "20190828 Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation" } ] }, "source": { "advisory": "cisco-sa-20190828-ucs-privescalation", "defect": [ [ "CSCvm77243", "CSCvm80093" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1966", "datePublished": "2019-08-29T21:45:26.020957Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:11:02.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1962
Vulnerability from cvelistv5
Published
2019-08-28 18:50
Modified
2024-11-19 18:58
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:35:51.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190828 Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1962", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T17:23:21.487524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T18:58:31.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "8.4(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-28T18:50:22", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190828 Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos" } ], "source": { "advisory": "cisco-sa-20190828-nxos-fsip-dos", "defect": [ [ "CSCva64492", "CSCvj59058", "CSCvk70625", "CSCvk70631", "CSCvk70632", "CSCvk70633" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-28T16:00:00-0700", "ID": "CVE-2019-1962", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.4(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20190828 Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos" } ] }, "source": { "advisory": "cisco-sa-20190828-nxos-fsip-dos", "defect": [ [ "CSCva64492", "CSCvj59058", "CSCvk70625", "CSCvk70631", "CSCvk70632", "CSCvk70633" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1962", "datePublished": "2019-08-28T18:50:22.852268Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-19T18:58:31.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26063
Vulnerability from cvelistv5
Published
2024-11-18 16:05
Modified
2024-11-18 19:49
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Software Authorization Bypass Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3n\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4h\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3k\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4g\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3i\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3g\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4f\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2f\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(1d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3l\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3j\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3o\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4i\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3p\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(2b\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_computing_system", "vendor": "cisco", "versions": [ { "status": "affected", "version": "4.0\\(1a\\)" }, { "status": "affected", "version": "3.2\\(3n\\)" }, { "status": "affected", "version": "4.1\\(1a\\)" }, { "status": "affected", "version": "4.1\\(1b\\)" }, { "status": "affected", "version": "4.0\\(4h\\)" }, { "status": "affected", "version": "4.1\\(1c\\)" }, { "status": "affected", "version": "3.2\\(3k\\)" }, { "status": "affected", "version": "3.2\\(2c\\)" }, { "status": "affected", "version": "4.0\\(4e\\)" }, { "status": "affected", "version": "4.0\\(4g\\)" }, { "status": "affected", "version": "3.2\\(3i\\)" }, { "status": "affected", "version": "4.0\\(2e\\)" }, { "status": "affected", "version": "3.2\\(3g\\)" }, { "status": "affected", "version": "4.0\\(4a\\)" }, { "status": "affected", "version": "4.0\\(2d\\)" }, { "status": "affected", "version": "3.2\\(2d\\)" }, { "status": "affected", "version": "4.0\\(1b\\)" }, { "status": "affected", "version": "4.0\\(4f\\)" }, { "status": "affected", "version": "3.2\\(3h\\)" }, { "status": "affected", "version": "3.2\\(2f\\)" }, { "status": "affected", "version": "4.0\\(4c\\)" }, { "status": "affected", "version": "3.2\\(3a\\)" }, { "status": "affected", "version": "4.0\\(1c\\)" }, { "status": "affected", "version": "3.2\\(3d\\)" }, { "status": "affected", "version": "3.2\\(2b\\)" }, { "status": "affected", "version": "4.0\\(4b\\)" }, { "status": "affected", "version": "3.2\\(2e\\)" }, { "status": "affected", "version": "4.0\\(2b\\)" }, { "status": "affected", "version": "4.0\\(4d\\)" }, { "status": "affected", "version": "3.2\\(1d\\)" }, { "status": "affected", "version": "3.2\\(3e\\)" }, { "status": "affected", "version": "3.2\\(3l\\)" }, { "status": "affected", "version": "3.2\\(3b\\)" }, { "status": "affected", "version": "4.0\\(2a\\)" }, { "status": "affected", "version": "3.2\\(3j\\)" }, { "status": "affected", "version": "4.0\\(1d\\)" }, { "status": "affected", "version": "3.2\\(3o\\)" }, { "status": "affected", "version": "4.0\\(4i\\)" }, { "status": "affected", "version": "4.1\\(1d\\)" }, { "status": "affected", "version": "4.1\\(2a\\)" }, { "status": "affected", "version": "4.1\\(1e\\)" }, { "status": "affected", "version": "3.2\\(3p\\)" }, { "status": "affected", "version": "4.1\\(2b\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2020-26063", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-18T19:49:29.299678Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T19:49:33.809Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "3.2(3p)" }, { "status": "affected", "version": "4.1(2b)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the API endpoints of Cisco\u0026nbsp;Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.\r\nThe vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-18T16:05:53.165Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cimc-auth-zWkppJxL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD" } ], "source": { "advisory": "cisco-sa-cimc-auth-zWkppJxL", "defects": [ "CSCvv07287" ], "discovery": "EXTERNAL" }, "title": "Cisco Integrated Management Controller Software Authorization Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-26063", "datePublished": "2024-11-18T16:05:53.165Z", "dateReserved": "2020-09-24T00:00:00.000Z", "dateUpdated": "2024-11-18T19:49:33.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26062
Vulnerability from cvelistv5
Published
2024-11-18 16:06
Modified
2024-11-18 18:46
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Username Enumeration Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3n\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4h\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3k\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4g\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3i\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3g\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4f\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2f\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(1d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3l\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3b\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3j\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3o\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4i\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1d\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1e\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3p\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_computing_system", "vendor": "cisco", "versions": [ { "status": "affected", "version": "4.0\\(1a\\)" }, { "status": "affected", "version": "3.2\\(3n\\)" }, { "status": "affected", "version": "4.1\\(1a\\)" }, { "status": "affected", "version": "4.1\\(1b\\)" }, { "status": "affected", "version": "4.0\\(4h\\)" }, { "status": "affected", "version": "4.1\\(1c\\)" }, { "status": "affected", "version": "3.2\\(3k\\)" }, { "status": "affected", "version": "3.2\\(2c\\)" }, { "status": "affected", "version": "4.0\\(4e\\)" }, { "status": "affected", "version": "4.0\\(4g\\)" }, { "status": "affected", "version": "3.2\\(3i\\)" }, { "status": "affected", "version": "4.0\\(2e\\)" }, { "status": "affected", "version": "3.2\\(3g\\)" }, { "status": "affected", "version": "4.0\\(4a\\)" }, { "status": "affected", "version": "4.0\\(2d\\)" }, { "status": "affected", "version": "3.2\\(2d\\)" }, { "status": "affected", "version": "4.0\\(1b\\)" }, { "status": "affected", "version": "4.0\\(4f\\)" }, { "status": "affected", "version": "3.2\\(3h\\)" }, { "status": "affected", "version": "3.2\\(2f\\)" }, { "status": "affected", "version": "4.0\\(4c\\)" }, { "status": "affected", "version": "3.2\\(3a\\)" }, { "status": "affected", "version": "4.0\\(1c\\)" }, { "status": "affected", "version": "3.2\\(3d\\)" }, { "status": "affected", "version": "3.2\\(2b\\)" }, { "status": "affected", "version": "4.0\\(4b\\)" }, { "status": "affected", "version": "3.2\\(2e\\)" }, { "status": "affected", "version": "4.0\\(2b\\)" }, { "status": "affected", "version": "4.0\\(4d\\)" }, { "status": "affected", "version": "3.2\\(1d\\)" }, { "status": "affected", "version": "3.2\\(3e\\)" }, { "status": "affected", "version": "3.2\\(3l\\)" }, { "status": "affected", "version": "3.2\\(3b\\)" }, { "status": "affected", "version": "4.0\\(2a\\)" }, { "status": "affected", "version": "3.2\\(3j\\)" }, { "status": "affected", "version": "4.0\\(1d\\)" }, { "status": "affected", "version": "3.2\\(3o\\)" }, { "status": "affected", "version": "4.0\\(4i\\)" }, { "status": "affected", "version": "4.1\\(1d\\)" }, { "status": "affected", "version": "4.1\\(2a\\)" }, { "status": "affected", "version": "4.1\\(1e\\)" }, { "status": "affected", "version": "3.2\\(3p\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2020-26062", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-18T18:39:09.926743Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T18:46:04.617Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "3.2(3p)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco\u0026nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "Observable Discrepancy", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-18T16:06:00.592Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cimc-enum-CyheP3B7", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL" } ], "source": { "advisory": "cisco-sa-cimc-enum-CyheP3B7", "defects": [ "CSCvv07275" ], "discovery": "EXTERNAL" }, "title": "Cisco Integrated Management Controller Username Enumeration Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-26062", "datePublished": "2024-11-18T16:06:00.592Z", "dateReserved": "2020-09-24T00:00:00.000Z", "dateUpdated": "2024-11-18T18:46:04.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20200
Vulnerability from cvelistv5
Published
2023-08-23 18:20
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:35.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.1(1e)" }, { "status": "affected", "version": "3.1(1g)" }, { "status": "affected", "version": "3.1(1h)" }, { "status": "affected", "version": "3.1(1k)" }, { "status": "affected", "version": "3.1(1l)" }, { "status": "affected", "version": "3.1(2b)" }, { "status": "affected", "version": "3.1(2c)" }, { "status": "affected", "version": "3.1(2e)" }, { "status": "affected", "version": "3.1(2f)" }, { "status": "affected", "version": "3.1(2g)" }, { "status": "affected", "version": "3.1(2h)" }, { "status": "affected", "version": "3.1(3a)" }, { "status": "affected", "version": "3.1(3b)" }, { "status": "affected", "version": "3.1(3c)" }, { "status": "affected", "version": "3.1(3d)" }, { "status": "affected", "version": "3.1(3e)" }, { "status": "affected", "version": "3.1(3f)" }, { "status": "affected", "version": "3.1(3h)" }, { "status": "affected", "version": "3.1(3j)" }, { "status": "affected", "version": "3.1(3k)" }, { "status": "affected", "version": "3.1(2d)" }, { "status": "affected", "version": "3.1(3l)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "3.2(3p)" }, { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.0(4k)" }, { "status": "affected", "version": "4.0(4l)" }, { "status": "affected", "version": "4.0(4m)" }, { "status": "affected", "version": "4.0(4n)" }, { "status": "affected", "version": "4.0(4o)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.2(2e)" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.56" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\n\r Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:56.220Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO" } ], "source": { "advisory": "cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO", "defects": [ "CSCwd38796", "CSCwe12029", "CSCvi80806" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20200", "datePublished": "2023-08-23T18:20:09.900Z", "dateReserved": "2022-10-27T18:47:50.365Z", "dateUpdated": "2024-08-02T09:05:35.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3173
Vulnerability from cvelistv5
Published
2020-02-26 16:50
Modified
2024-11-15 17:38
Severity ?
EPSS score ?
Summary
Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200226 Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3173", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:25:02.102838Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:38:26.014Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-26T16:50:35", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200226 Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj" } ], "source": { "advisory": "cisco-sa-20200226-ucs-cli-cmdinj", "defect": [ [ "CSCvq57926" ] ], "discovery": "INTERNAL" }, "title": "Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-26T16:00:00-0800", "ID": "CVE-2020-3173", "STATE": "PUBLIC", "TITLE": "Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20200226 Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj" } ] }, "source": { "advisory": "cisco-sa-20200226-ucs-cli-cmdinj", "defect": [ [ "CSCvq57926" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3173", "datePublished": "2020-02-26T16:50:36.058155Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:38:26.014Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1963
Vulnerability from cvelistv5
Published
2019-08-28 18:50
Modified
2024-11-21 19:15
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:35:51.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190828 Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1963", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-21T18:57:11.615078Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T19:15:22.318Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "lessThan": "8.4(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-28T18:50:15", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190828 Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos" } ], "source": { "advisory": "cisco-sa-20190828-fxnxos-snmp-dos", "defect": [ [ "CSCvn13270", "CSCvn23529", "CSCvn23531", "CSCvn23532", "CSCvn23534", "CSCvn23535", "CSCvn23536", "CSCvn23537", "CSCvn23538" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-28T16:00:00-0700", "ID": "CVE-2019-1963", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.4(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.7", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20190828 Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos" } ] }, "source": { "advisory": "cisco-sa-20190828-fxnxos-snmp-dos", "defect": [ [ "CSCvn13270", "CSCvn23529", "CSCvn23531", "CSCvn23532", "CSCvn23534", "CSCvn23535", "CSCvn23536", "CSCvn23537", "CSCvn23538" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1963", "datePublished": "2019-08-28T18:50:15.502235Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-21T19:15:22.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1592
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-11-07 22:01
Severity ?
EPSS score ?
Summary
Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210825 Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1592", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:40:52.968373Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T22:01:59.836Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-664", "description": "CWE-664", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-25T19:11:30", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210825 Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy" } ], "source": { "advisory": "cisco-sa-ucs-ssh-dos-MgvmyrQy", "defect": [ [ "CSCvw33513" ] ], "discovery": "INTERNAL" }, "title": "Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-08-25T16:00:00", "ID": "CVE-2021-1592", "STATE": "PUBLIC", "TITLE": "Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Computing System (Managed)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-664" } ] } ] }, "references": { "reference_data": [ { "name": "20210825 Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy" } ] }, "source": { "advisory": "cisco-sa-ucs-ssh-dos-MgvmyrQy", "defect": [ [ "CSCvw33513" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1592", "datePublished": "2021-08-25T19:11:30.199701Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T22:01:59.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20344
Vulnerability from cvelistv5
Published
2024-02-28 16:16
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.
This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:cisco:ucs_6454:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ucs_6454", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:cisco:ucs_6536:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ucs_6536", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20344", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T17:00:07.602839Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-26T14:35:04.588Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ucsfi-imm-syn-p6kZTDQC", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfi-imm-syn-p6kZTDQC" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.\r\n\r This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:16:03.042Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ucsfi-imm-syn-p6kZTDQC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfi-imm-syn-p6kZTDQC" } ], "source": { "advisory": "cisco-sa-ucsfi-imm-syn-p6kZTDQC", "defects": [ "CSCwb71517" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20344", "datePublished": "2024-02-28T16:16:03.042Z", "dateReserved": "2023-11-08T15:08:07.643Z", "dateUpdated": "2024-08-01T21:59:42.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20365
Vulnerability from cvelistv5
Published
2024-10-02 16:52
Modified
2024-10-02 20:08
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Redfish Command Injection Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Unified Computing System (Managed) |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:unified_computing_system_manager_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_computing_system_manager_firmware", "vendor": "cisco", "versions": [ { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(4a)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.2(2e)" }, { "status": "affected", "version": "4.2(3d)" }, { "status": "affected", "version": "4.2(3e)" }, { "status": "affected", "version": "4.2(3g)" }, { "status": "affected", "version": "4.1(3l)" }, { "status": "affected", "version": "4.3(2b)" }, { "status": "affected", "version": "4.2(3h)" }, { "status": "affected", "version": "4.2(3i)" }, { "status": "affected", "version": "4.3(2c)" }, { "status": "affected", "version": "4.1(3m)" }, { "status": "affected", "version": "4.3(2e)" }, { "status": "affected", "version": "4.3(3a)" }, { "status": "affected", "version": "4.2(3j)" }, { "status": "affected", "version": "4.3(3c)" }, { "status": "affected", "version": "4.3(4a)" }, { "status": "affected", "version": "4.2(3k)" }, { "status": "affected", "version": "4.3(4b)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T19:03:58.696816Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T20:08:13.029Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(4a)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.2(2e)" }, { "status": "affected", "version": "4.2(3d)" }, { "status": "affected", "version": "4.2(3e)" }, { "status": "affected", "version": "4.2(3g)" }, { "status": "affected", "version": "4.1(3l)" }, { "status": "affected", "version": "4.3(2b)" }, { "status": "affected", "version": "4.2(3h)" }, { "status": "affected", "version": "4.2(3i)" }, { "status": "affected", "version": "4.3(2c)" }, { "status": "affected", "version": "4.1(3m)" }, { "status": "affected", "version": "4.3(2e)" }, { "status": "affected", "version": "4.3(3a)" }, { "status": "affected", "version": "4.2(3j)" }, { "status": "affected", "version": "4.3(3c)" }, { "status": "affected", "version": "4.3(4a)" }, { "status": "affected", "version": "4.2(3k)" }, { "status": "affected", "version": "4.3(4b)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-02T16:52:46.381Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cimc-redfish-cominj-sbkv5ZZ", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-redfish-cominj-sbkv5ZZ" } ], "source": { "advisory": "cisco-sa-cimc-redfish-cominj-sbkv5ZZ", "defects": [ "CSCwi88894" ], "discovery": "INTERNAL" }, "title": "Cisco Integrated Management Controller Redfish Command Injection Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20365", "datePublished": "2024-10-02T16:52:46.381Z", "dateReserved": "2023-11-08T15:08:07.652Z", "dateUpdated": "2024-10-02T20:08:13.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }