Vulnerability Name:

CVE-2021-34736 (CCN-211757)

Assigned:2021-10-20
Published:2021-10-20
Updated:2021-10-26
Summary:A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-34736

Source: XF
Type: UNKNOWN
cisco-cve202134736-dos(211757)

Source: CCN
Type: Cisco Security Advisory cisco-sa-imc-gui-dos-TZjrFyZh
Cisco Integrated Management Controller GUI Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20211020 Cisco Integrated Management Controller GUI Denial of Service Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:unified_computing_system:*:*:*:*:*:*:*:* (Version < 4.1(2g))
  • OR cpe:/a:cisco:unified_computing_system:*:*:*:*:*:*:*:* (Version >= 4.2 and < 4.2(1b))
  • AND
  • cpe:/h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c220_m3:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c220_m4:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c220_m5:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c225_m6:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c22_m3:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c240_m3:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c240_m5:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c240_sd_m5:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c245_m6:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c24_m3:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c260_m2:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c3160:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c3260:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c4200:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c420_m3:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c460_m2:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c460_m4:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c480_m5:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c480_ml_m5:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ucs_c890_m5:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:cisco:unified_computing_system:*:*:*:*:*:*:*:* (Version < 4.1(3e))
  • AND
  • cpe:/h:cisco:ucs_s3260:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:integrated_management_controller:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco unified computing system *
    cisco unified computing system *
    cisco ucs c125 m5 -
    cisco ucs c220 m3 -
    cisco ucs c220 m4 -
    cisco ucs c220 m5 -
    cisco ucs c225 m6 -
    cisco ucs c22 m3 -
    cisco ucs c240 m3 -
    cisco ucs c240 m5 -
    cisco ucs c240 sd m5 -
    cisco ucs c245 m6 -
    cisco ucs c24 m3 -
    cisco ucs c260 m2 -
    cisco ucs c3160 -
    cisco ucs c3260 -
    cisco ucs c4200 -
    cisco ucs c420 m3 -
    cisco ucs c460 m2 -
    cisco ucs c460 m4 -
    cisco ucs c480 m5 -
    cisco ucs c480 ml m5 -
    cisco ucs c890 m5 -
    cisco unified computing system *
    cisco ucs s3260 -
    cisco integrated management controller -