CVE-2018-0094
published 2018-01-18CVE-2018-0094: A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service…
PriorityP342high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
2.30%
81.1th percentile
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ucs_central | — | — |
| cisco | unified_computing_system_central_software | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_cisco5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco UCS Central Software IPv6 Denial of Service Vulnerability
vendor_cisco·2018-01-17·CVSS 5.3
CVE-2018-0094 [MEDIUM] CWE-693 Cisco UCS Central Software IPv6 Denial of Service Vulnerability
Cisco UCS Central Software IPv6 Denial of Service Vulnerability
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device.
The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201
Cisco
Cisco UCS Central Software IPv6 Denial of Service Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0094 Cisco UCS Central Software IPv6 Denial of Service Vulnerability
CVE-2018-0094: Cisco UCS Central Software IPv6 Denial of Service Vulnerability
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. There are no
CVSS: 3.0
CWE: CWE-693, CWE-693
Bug IDs: CSCuv34544
GHSA
GHSA-62jr-4pg7-4vr2: A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of
ghsa_unreviewed·2022-05-13
CVE-2018-0094 [HIGH] CWE-400 GHSA-62jr-4pg7-4vr2: A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/102787http://www.securitytracker.com/id/1040249https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucshttp://www.securityfocus.com/bid/102787http://www.securitytracker.com/id/1040249https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs
2018-01-18
Published