CVE-2020-3504

EPSS 0.17%
Published 27.08.2020 16:15:12
Last modified 21.11.2024 05:31:12
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Firepower Extensible Operating System Version-

   Cisco ≫ Firepower 1010 Version-
   Cisco ≫ Firepower 1120 Version-
   Cisco ≫ Firepower 1140 Version-
   Cisco ≫ Firepower 1150 Version-
   Cisco ≫ Firepower 2110 Version-
   Cisco ≫ Firepower 2120 Version-
   Cisco ≫ Firepower 2130 Version-
   Cisco ≫ Firepower 2140 Version-
   Cisco ≫ Firepower 4110 Version-
   Cisco ≫ Firepower 4112 Version-
   Cisco ≫ Firepower 4115 Version-
   Cisco ≫ Firepower 4120 Version-
   Cisco ≫ Firepower 4125 Version-
   Cisco ≫ Firepower 4140 Version-
   Cisco ≫ Firepower 4145 Version-
   Cisco ≫ Firepower 4150 Version-
   Cisco ≫ Firepower 9300 Version-

Cisco ≫ Nx-os Version-

   Cisco ≫ Mds 9100 Version-
   Cisco ≫ Mds 9200 Version-
   Cisco ≫ Mds 9500 Version-
   Cisco ≫ Mds 9700 Version-
   Cisco ≫ Nexus 1000 Virtual Edge Version-
   Cisco ≫ Nexus 1000v Version-
   Cisco ≫ Nexus 3016 Version-
   Cisco ≫ Nexus 3048 Version-
   Cisco ≫ Nexus 3064 Version-
   Cisco ≫ Nexus 3064-t Version-
   Cisco ≫ Nexus 31108pc-v Version-
   Cisco ≫ Nexus 31108tc-v Version-
   Cisco ≫ Nexus 31128pq Version-
   Cisco ≫ Nexus 3132c-z Version-
   Cisco ≫ Nexus 3132q Version-
   Cisco ≫ Nexus 3132q-v Version-
   Cisco ≫ Nexus 3132q-xl Version-
   Cisco ≫ Nexus 3164q Version-
   Cisco ≫ Nexus 3172 Version-
   Cisco ≫ Nexus 3172pq-xl Version-
   Cisco ≫ Nexus 3172tq Version-
   Cisco ≫ Nexus 3172tq-32t Version-
   Cisco ≫ Nexus 3172tq-xl Version-
   Cisco ≫ Nexus 3232c Version-
   Cisco ≫ Nexus 3264c-e Version-
   Cisco ≫ Nexus 3264q Version-
   Cisco ≫ Nexus 3408-s Version-
   Cisco ≫ Nexus 34180yc Version-
   Cisco ≫ Nexus 3432d-s Version-
   Cisco ≫ Nexus 3464c Version-
   Cisco ≫ Nexus 3524 Version-
   Cisco ≫ Nexus 3524-x Version-
   Cisco ≫ Nexus 3524-xl Version-
   Cisco ≫ Nexus 3548 Version-
   Cisco ≫ Nexus 3548-x Version-
   Cisco ≫ Nexus 3548-xl Version-
   Cisco ≫ Nexus 36180yc-r Version-
   Cisco ≫ Nexus 3636c-r Version-
   Cisco ≫ Nexus 5548p Version-
   Cisco ≫ Nexus 5548up Version-
   Cisco ≫ Nexus 5596t Version-
   Cisco ≫ Nexus 5596up Version-
   Cisco ≫ Nexus 56128p Version-
   Cisco ≫ Nexus 5624q Version-
   Cisco ≫ Nexus 5648q Version-
   Cisco ≫ Nexus 5672up Version-
   Cisco ≫ Nexus 5696q Version-
   Cisco ≫ Nexus 6001 Version-
   Cisco ≫ Nexus 6004 Version-
   Cisco ≫ Nexus 7000 Version-
   Cisco ≫ Nexus 7700 Version-
   Cisco ≫ Nexus 9000v Version-
   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 92304qc Version-
   Cisco ≫ Nexus 92348gc-x Version-
   Cisco ≫ Nexus 9236c Version-
   Cisco ≫ Nexus 9272q Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 93128tx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 9332pq Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9336pq Aci Spine Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9372px Version-
   Cisco ≫ Nexus 9372px-e Version-
   Cisco ≫ Nexus 9372tx Version-
   Cisco ≫ Nexus 9372tx-e Version-
   Cisco ≫ Nexus 9396px Version-
   Cisco ≫ Nexus 9396tx Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9516 Version-
   Cisco ≫ Ucs 6248up Version-
   Cisco ≫ Ucs 6296up Version-
   Cisco ≫ Ucs 6300 Version-
   Cisco ≫ Ucs 6324 Version-

Cisco ≫ Nx-os Version >= 4.0 < 4.0\(4i\)

Cisco ≫ Ucs 64108 Version-
Cisco ≫ Ucs 6454 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.345

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3504

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3504

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3504

EUVD