7.5
CVE-2021-34736
- EPSS 0.16%
- Published 21.10.2021 03:15:06
- Last modified 21.11.2024 06:11:04
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Unified Computing System Version < 4.1\(2g\)
Cisco ≫ Ucs C125 M5 Version-
Cisco ≫ Ucs C22 M3 Version-
Cisco ≫ Ucs C220 M3 Version-
Cisco ≫ Ucs C220 M4 Version-
Cisco ≫ Ucs C220 M5 Version-
Cisco ≫ Ucs C225 M6 Version-
Cisco ≫ Ucs C24 M3 Version-
Cisco ≫ Ucs C240 M3 Version-
Cisco ≫ Ucs C240 M5 Version-
Cisco ≫ Ucs C240 Sd M5 Version-
Cisco ≫ Ucs C245 M6 Version-
Cisco ≫ Ucs C260 M2 Version-
Cisco ≫ Ucs C3160 Version-
Cisco ≫ Ucs C3260 Version-
Cisco ≫ Ucs C420 M3 Version-
Cisco ≫ Ucs C4200 Version-
Cisco ≫ Ucs C460 M2 Version-
Cisco ≫ Ucs C460 M4 Version-
Cisco ≫ Ucs C480 M5 Version-
Cisco ≫ Ucs C480 Ml M5 Version-
Cisco ≫ Ucs C890 M5 Version-
Cisco ≫ Ucs C22 M3 Version-
Cisco ≫ Ucs C220 M3 Version-
Cisco ≫ Ucs C220 M4 Version-
Cisco ≫ Ucs C220 M5 Version-
Cisco ≫ Ucs C225 M6 Version-
Cisco ≫ Ucs C24 M3 Version-
Cisco ≫ Ucs C240 M3 Version-
Cisco ≫ Ucs C240 M5 Version-
Cisco ≫ Ucs C240 Sd M5 Version-
Cisco ≫ Ucs C245 M6 Version-
Cisco ≫ Ucs C260 M2 Version-
Cisco ≫ Ucs C3160 Version-
Cisco ≫ Ucs C3260 Version-
Cisco ≫ Ucs C420 M3 Version-
Cisco ≫ Ucs C4200 Version-
Cisco ≫ Ucs C460 M2 Version-
Cisco ≫ Ucs C460 M4 Version-
Cisco ≫ Ucs C480 M5 Version-
Cisco ≫ Ucs C480 Ml M5 Version-
Cisco ≫ Ucs C890 M5 Version-
Cisco ≫ Unified Computing System Version >= 4.2 < 4.2\(1b\)
Cisco ≫ Ucs C125 M5 Version-
Cisco ≫ Ucs C22 M3 Version-
Cisco ≫ Ucs C220 M3 Version-
Cisco ≫ Ucs C220 M4 Version-
Cisco ≫ Ucs C220 M5 Version-
Cisco ≫ Ucs C225 M6 Version-
Cisco ≫ Ucs C24 M3 Version-
Cisco ≫ Ucs C240 M3 Version-
Cisco ≫ Ucs C240 M5 Version-
Cisco ≫ Ucs C240 Sd M5 Version-
Cisco ≫ Ucs C245 M6 Version-
Cisco ≫ Ucs C260 M2 Version-
Cisco ≫ Ucs C3160 Version-
Cisco ≫ Ucs C3260 Version-
Cisco ≫ Ucs C420 M3 Version-
Cisco ≫ Ucs C4200 Version-
Cisco ≫ Ucs C460 M2 Version-
Cisco ≫ Ucs C460 M4 Version-
Cisco ≫ Ucs C480 M5 Version-
Cisco ≫ Ucs C480 Ml M5 Version-
Cisco ≫ Ucs C890 M5 Version-
Cisco ≫ Ucs C22 M3 Version-
Cisco ≫ Ucs C220 M3 Version-
Cisco ≫ Ucs C220 M4 Version-
Cisco ≫ Ucs C220 M5 Version-
Cisco ≫ Ucs C225 M6 Version-
Cisco ≫ Ucs C24 M3 Version-
Cisco ≫ Ucs C240 M3 Version-
Cisco ≫ Ucs C240 M5 Version-
Cisco ≫ Ucs C240 Sd M5 Version-
Cisco ≫ Ucs C245 M6 Version-
Cisco ≫ Ucs C260 M2 Version-
Cisco ≫ Ucs C3160 Version-
Cisco ≫ Ucs C3260 Version-
Cisco ≫ Ucs C420 M3 Version-
Cisco ≫ Ucs C4200 Version-
Cisco ≫ Ucs C460 M2 Version-
Cisco ≫ Ucs C460 M4 Version-
Cisco ≫ Ucs C480 M5 Version-
Cisco ≫ Ucs C480 Ml M5 Version-
Cisco ≫ Ucs C890 M5 Version-
Cisco ≫ Unified Computing System Version < 4.1\(3e\)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.331 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.