Lucene search

CiscoCVE-2024-20344

HistoryFeb 29, 2024 - 1:43 a.m.

CVE-2024-20344

2024-02-2901:43:59

CWE-400

cisco

web.nvd.nist.gov

cve-2024-20344

vulnerability

cisco

ucs

fabric interconnects

intersight managed mode

dos

denial of service

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.5

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.

This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Computing System (Managed)",
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfi-imm-syn-p6kZTDQC

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-20344