CVE-2021-1592
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/08/2021
Last modified:
07/11/2023
Description
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:* | 4.0 (including) | 4.0\(4m\) (excluding) |
| cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:* | 4.1 (including) | 4.1\(3e\) (excluding) |
| cpe:2.3:h:cisco:unified_computing_system_64108:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:unified_computing_system_6454:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page