Vulnslist

find the latest Cisco vulnerabilities

Cisco UCS B-Series Blade Servers Denial of Service Vulnerability

cisco-sa-20151006-ucs · Medium · Published · Updated

A vulnerability in Cisco Unified Computing System (UCS) B-Series blade servers could allow an unauthenticated, local attacker to cause the host operating system or Baseboard Management Controller (BMC) to hang. The vulnerability is due to how the various components communicate across the Inter-IC (I2C) bus. An attacker could exploit this vulnerability by sending specific I2C packets. An exploit could allow the attacker to cause disruption to the host, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151006-ucs

Cisco advisory · CSAF JSON

Workarounds

If the connection to the Cisco Integrated Management Controller (CIMC) is alive, resetting the blade power will recover the blade. If CIMC is in an unresponsive "hanging" state or resetting blade power does not resolve the issue, resetting the slot will recover the blade.

CVEs: CVE-2015-4265
Cisco Bug IDs: CSCuq77241
CVSS Score: Base 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco UCS B-Series Blade Server Software, UCS B-Series Blade Server Software

Related Products

Product | CVE | Evidence
UCS B-Series Blade Server Software | CVE-2015-4265 | Cisco OpenVuln
Cisco UCS B-Series Blade Server Software | CVE-2015-4265 | Cisco OpenVuln