Vulnerability Name: | CVE-2018-0094 (CCN-137716) | ||||||||||||
Assigned: | 2017-11-27 | ||||||||||||
Published: | 2018-01-17 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
Vulnerability Type: | CWE-400 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-0094 Source: BID Type: Third Party Advisory, VDB Entry 102787 Source: CCN Type: BID-102787 Cisco UCS Central Software CVE-2018-0094 Denial of Service Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040249 Source: XF Type: UNKNOWN cisco-ucs-cve20180094-dos(137716) Source: CCN Type: Cisco Security Advisory cisco-sa-20180117-ucs Cisco UCS Central Software IPv6 Denial of Service Vulnerability Source: CONFIRM Type: Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |