Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

cisco-sa-20140908-ucse · High · Published · Updated

A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected. Cisco has released software updates that address this vulnerability This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse

Cisco advisory ·CSAF JSON

Workarounds

No workarounds are available.

Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35308http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35308

CVEsCVE-2014-3348
Cisco Bug IDsCSCuo69206
CVSS ScoreBase 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Unified Computing System E-Series Software (UCSE)

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2014-3348 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2014-3348 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2014-3348 Cisco OpenVuln
Cisco Unified Computing System E-Series Software (UCSE) CVE-2014-3348 Cisco OpenVuln