Skip to main content

Unified Computing System CVE-2021-1592

MEDIUM
Improper Control of a Resource Through its Lifetime (CWE-664)
2021-08-25 psirt@cisco.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Aug 25, 2021 - 20:15 nvd
MEDIUM 4.3

DescriptionNVD

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.

AnalysisAI

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-664. A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device. Affected products include: Cisco Unified Computing System.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-6435 CRITICAL POC
9.8 Jan 22

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS)

CVE-2021-1368 HIGH
8.8 Feb 24

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software coul

CVE-2019-1907 HIGH
8.8 Aug 21

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote a

CVE-2019-1865 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1864 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0431 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0430 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2015-0718 HIGH
7.5 Mar 03

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) p

CVE-2012-4078 HIGH
8.5 Sep 24

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape se

CVE-2021-1387 HIGH
8.6 Feb 24

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a

CVE-2019-1863 HIGH
8.1 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1632 HIGH
8.0 Jun 20

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an aut

Share

CVE-2021-1592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy