A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to…
cisco·CWE-664·Published 2020-08-27
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.
Una vulnerabilidad en la CLI de administración local (local-mgmt) de Cisco UCS Manager Software, podría permitir a un atacante local autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a un manejo inapropiado de los parámetros de comando de la CLI. Un atacante podría explotar esta vulnerabilidad mediante la ejecución de comandos específicos en la CLI local-mgmt en un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar que los procesos internos del sistema presenten un fallo para finalizar apropiadamente, lo que podría resultar en una acumulación de procesos atascados y conllevar a una lentitud en el acceso a la CLI de UCS Manager y la Interfaz de Usuario web. Un ataque sostenido puede resultar en un reinicio de los procesos internos de UCS Manager y una pérdida temporal de acceso a la CLI de UCS Manager y la Interfaz de Usuario web
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| 3.1 | Primary | cve.org | 3.3 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Primary | cve.org | 3.3 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Primary | NVD | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Secondary | NVD | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |