A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
03 Sep 2021, 13:50
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
CPE | cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_computing_system_6454:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_computing_system_64108:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy - Patch, Vendor Advisory |
25 Aug 2021, 20:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-25 20:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-1592
Mitre link : CVE-2021-1592
CVE.ORG link : CVE-2021-1592
JSON object : View
Products Affected
cisco
- unified_computing_system_64108
- unified_computing_system
- unified_computing_system_6454