CVE-2015-0633Improper Input Validation in Cisco Unified Computing System

CWE-20Improper Input Validation4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 49.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Computing System
Timeline
PublishedFeb 26
Latest updateMay 14

Description

The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.

CVSS vector

AV:A/AC:L/C:N/I:P/A:CExploitability: 6.5 | Impact: 7.8

Affected Packages1 packages

NVDcisco/unified_computing_system23 versions+22

🔴Vulnerability Details

2
GHSA
GHSA-w33q-rw95-475p: The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 12022-05-14
CVEList
CVE-2015-0633: The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 12015-02-26

📋Vendor Advisories

1
Cisco
Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability2015-02-25
CVE-2015-0633 — Improper Input Validation in Cisco | cvebase