CVE-2021-1592Improper Control of a Resource Through its Lifetime in Cisco Unified Computing System

CWE-664Improper Control of a Resource Through its LifetimeCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 38.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Computing SystemCisco Unified Computing System
Timeline
PublishedAug 25
Latest updateMay 24

Description

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager so

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/unified_computing_system4.04.0\(4m\)+1

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-g536-3jmm-mp33: A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service2022-05-24
CVEList
Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability2021-08-25

📋Vendor Advisories

1
Cisco
Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability2021-08-25
CVE-2021-1592 — Cisco vulnerability | cvebase