4.3
CVE-2021-1592
- EPSS 1.03%
- Veröffentlicht 25.08.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:44:41
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Unified Computing System Version >= 4.0 < 4.0\(4m\)
Cisco ≫ Unified Computing System Version >= 4.1 < 4.1\(3e\)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.592 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-664 Improper Control of a Resource Through its Lifetime
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy