CVE-2021-1354
published 2021-02-04CVE-2021-1354: A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent…
PriorityP415low3.5CVSS 3.1
AVAACLPRLUINSUCLINAN
EPSS
0.42%
33.3th percentile
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_unified_computing_system_central_software | — | — |
| cisco | unified_computing_system_central | — | — |
| cisco | unified_computing_system_central_software | < 2.0\(1m\) | 2.0\(1m\) |
CVSS provenance
nvdv3.13.5LOWCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.02.7LOWAV:A/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat5.5MEDIUM
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: can: mcba_usb: fix memory leak in mcba_usb
vendor_redhat·2024-05-21·CVSS 5.5
CVE-2021-47231 [MEDIUM] CWE-402 kernel: can: mcba_usb: fix memory leak in mcba_usb
kernel: can: mcba_usb: fix memory leak in mcba_usb
In the Linux kernel, the following vulnerability has been resolved:
can: mcba_usb: fix memory leak in mcba_usb
Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS
Analyzer Tool. The problem was in unfreed usb_coherent.
In mcba_usb_start() 20 coherent buffers are allocated and there is
nothing, that frees them:
1) In callback function the urb is resubmitted and that's all
2) In disconnect function urbs are simply killed, but URB_FREE_BUFFER
is not set (see mcba_usb_start) and this flag cannot be used with
coherent buffers.
Fail log:
| [ 1354.053291][ T8413] mcba_usb 1-1:0.0 can0: device disconnected
| [ 1367.059384][ T8420] kmemleak: 20 new suspected memory leaks (see /sys/kernel/debug/kmem)
So, all allocated buffers shou
Cisco
Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
vendor_cisco·2021-02-03·CVSS 4.3
CVE-2021-1354 [MEDIUM] CWE-295 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM).
This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is availab
Cisco
Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
vendor_cisco·CVSS 3.1
CVE-2021-1354 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
CVE-2021-1354: Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-295, CWE-295
Bug IDs: CSCvw35850
GHSA
GHSA-grv9-44cv-g58h: A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacen
ghsa_unreviewed·2022-05-24
CVE-2021-1354 [LOW] CWE-295 GHSA-grv9-44cv-g58h: A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacen
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-02-04
Published