CVE-2018-15404

CWE-399 CWE-770 — Allocation without Limits4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 35.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Unified Computing System Director Cisco Integrated Management Controller Supervisor Cisco Unified Computing System Director

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/integrated_management_controller_supervisor2.1\(0.0\)

▶NVDcisco/unified_computing_system_director6.6\(0.0\)

▶CVEListV5cisco/cisco_unified_computing_system_directorn/a

🔴Vulnerability Details

GHSA

GHSA-v4j9-fcwh-hm62: A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, r↗2022-05-13

▶

CVEList

Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability↗2018-10-03

▶