CVE-2021-34736
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
Affected (3)
Products: Cisco: Unified Computing System
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.1\(2g\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Ucs C125 M5 | All versions |
Cisco Ucs C220 M3 | All versions |
Cisco Ucs C220 M4 | All versions |
Cisco Ucs C220 M5 | All versions |
Cisco Ucs C225 M6 | All versions |
Cisco Ucs C22 M3 | All versions |
Cisco Ucs C240 M3 | All versions |
Cisco Ucs C240 M5 | All versions |
Cisco Ucs C240 Sd M5 | All versions |
Cisco Ucs C245 M6 | All versions |
Cisco Ucs C24 M3 | All versions |
Cisco Ucs C260 M2 | All versions |
Cisco Ucs C3160 | All versions |
Cisco Ucs C3260 | All versions |
Cisco Ucs C4200 | All versions |
Cisco Ucs C420 M3 | All versions |
Cisco Ucs C460 M2 | All versions |
Cisco Ucs C460 M4 | All versions |
Cisco Ucs C480 M5 | All versions |
Cisco Ucs C480 Ml M5 | All versions |
Cisco Ucs C890 M5 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.1\(3e\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Ucs S3260 | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.