All the vulnerabilites related to cisco - ucs_c3160_rack_server
Vulnerability from fkie_nvd
Published
2017-05-22 01:29
Modified
2024-11-21 03:30
Severity ?
Summary
A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_computing_system | 3.0\(0.234\) | |
| cisco | ucs_c220_m4_rack_server | - | |
| cisco | ucs_c240_m4_rack_server | - | |
| cisco | ucs_c3160_rack_server | - | |
| cisco | ucs_c460_m4_rack_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:3.0\\(0.234\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E07F70AD-B096-421F-9E67-2B047023B1A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_c220_m4_rack_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F44380FC-71DA-46ED-B143-339EA81F5325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_c240_m4_rack_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24DE28E4-C9BD-4710-A6CA-AC171804AFC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_c3160_rack_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B6516F-D8A5-4A5A-B7EB-EBA2856F2334",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_c460_m4_rack_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7939EC-521A-434C-B990-7DA4D227140C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544."
},
{
"lang": "es",
"value": "Vulnerabilidad en el proceso de limitaci\u00f3n de TCP de Cisco UCS C-Series Rack Servers 3.0 (0.234) podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la insuficiencia de la limitaci\u00f3n de la protecci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una alta tasa de paquetes TCP SYN a un puerto de escucha TCP espec\u00edfico en un dispositivo afectado. Un exploit podr\u00eda permitir al atacante hacer que un puerto de escucha espec\u00edfico de TCP dejara de aceptar nuevas conexiones, resultando en una condici\u00f3n DoS. ID de errores de Cisco: CSCva65544."
}
],
"id": "CVE-2017-6633",
"lastModified": "2024-11-21T03:30:10.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T01:29:00.273",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98525"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1038513"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-6633
Vulnerability from cvelistv5
Published
2017-05-22 01:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038513 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98525 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco UCS C-Series Rack Servers |
Version: Cisco UCS C-Series Rack Servers |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038513",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038513"
},
{
"name": "98525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco UCS C-Series Rack Servers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco UCS C-Series Rack Servers"
}
]
}
],
"datePublic": "2017-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1038513",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038513"
},
{
"name": "98525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco UCS C-Series Rack Servers",
"version": {
"version_data": [
{
"version_value": "Cisco UCS C-Series Rack Servers"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038513",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038513"
},
{
"name": "98525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98525"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6633",
"datePublished": "2017-05-22T01:00:00",
"dateReserved": "2017-03-09T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}