Cisco Unified Computing System (UCS) Software Vulnerability - CVE-2018-0113

Cisco Unified Computing System (UCS) software may be vulnerable to an unauthenticated remote denial of service (DoS) attack. Successful exploitation of this vulnerability may result in a temporary disruption of service for users. Cisco is aware of limited, targeted attacks that may be taking place in industrial and enterprise environments. The majority of these attacks are likely occurring in SMB environments.

Available mitigations for this vulnerability are Cisco UCS C-Series virtual machines and virtual disk configurations, which are recommended for all customers running Cisco Unified Computing Systems. Cisco UCS is available in multiple server configurations, each with varying levels of security, performance, and redundancy.

The following UCS server models are known to be vulnerable:

- UCS C210 M2
- UCS C200 M2

The following virtual disk configurations are known to be vulnerable:

- Cisco Unified Computing XCV series for C210 M2
- Cisco Unified Computing XCV series for C200 M2
- Cisco Unified Computing XC series for C210 MX
- Cisco Unified Computing XC series for C200 MX
- Cisco Unified Computing XM series for C210 M2
- Cisco Unified Computing XM series for C200 M2
- Cisco Unified Computing XM series for C210 M3
- Cisco Unified Computing XM series for C200 M3
- Cisco Unified Computing XI series for C210 M3
- Cisco Unified

Cisco Unified Computing Software Vulnerability - CVE-2018-0111

The vulnerability is due to insufficient authentication for the Cisco UCS C-Series Servers. A remote unauthenticated attacker may exploit this vulnerability by using a low-privilege account, such as "guest" or "service", to access the management interface of a vulnerable system, and then use that account to issue commands on behalf of an administrator.
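The weakness described above is a management interface that checks whether a caller has logged in but not whether the caller's role permits the specific command. The following Python example is added here to illustrate that class of defect and its fix; it is not Cisco's code and does not reflect the UCS implementation. The account names "guest" and "service" come from the advisory; the role model, the command list and the role-to-command mapping are assumptions made for the example.

```python
"""Added illustration: authentication alone versus per-command authorization
on a management interface. Not Cisco code; the role model is hypothetical."""
from dataclasses import dataclass

# Hypothetical mapping of accounts to roles. "guest" and "service" are the
# low-privilege accounts the advisory names; the roles are an assumption.
ROLE_OF_ACCOUNT = {"admin": "admin", "service": "operator", "guest": "read-only"}

# Hypothetical command set with the minimum role each command requires.
COMMAND_MIN_ROLE = {
    "show status": "read-only",
    "collect logs": "operator",
    "set admin-password": "admin",
    "reboot": "admin",
}
ROLE_RANK = {"read-only": 0, "operator": 1, "admin": 2}


@dataclass
class Session:
    account: str
    authenticated: bool


def run_command_vulnerable(session: Session, command: str) -> str:
    """Defective pattern: any authenticated account may run any command.

    The only gate is the login check, so a "guest" session can issue the
    same commands as an administrator."""
    if not session.authenticated:
        return "denied: not authenticated"
    if command not in COMMAND_MIN_ROLE:
        return "error: unknown command"
    return f"executed {command!r} as {session.account}"


def run_command_hardened(session: Session, command: str) -> str:
    """Corrected pattern: authenticate, then authorize the specific command
    against the caller's role before executing it."""
    if not session.authenticated:
        return "denied: not authenticated"
    if command not in COMMAND_MIN_ROLE:
        return "error: unknown command"
    role = ROLE_OF_ACCOUNT.get(session.account)
    if role is None:
        return "denied: unknown account"
    required = COMMAND_MIN_ROLE[command]
    if ROLE_RANK[role] < ROLE_RANK[required]:
        # Denials are worth logging: a low-privilege account repeatedly
        # requesting admin-only commands is a useful detection signal.
        return f"denied: {session.account} ({role}) may not run {command!r}"
    return f"executed {command!r} as {session.account}"


if __name__ == "__main__":
    guest = Session("guest", authenticated=True)
    for cmd in ("show status", "reboot"):
        print("vulnerable:", run_command_vulnerable(guest, cmd))
        print("hardened:  ", run_command_hardened(guest, cmd))
```

The point of the two functions side by side is that the login check is identical; only the hardened version consults the role table per command, which is the check whose absence lets a low-privilege account act as an administrator.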

Information disclosure vulnerability

The vulnerability is due to insufficient input validation. An attacker may exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to cause memory corruption, leading to a denial of service condition or information disclosure on the target system.
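The advisory gives no detail on which part of the request is mishandled, so the following Python example, added here and not part of the advisory or of any Cisco code, shows the general mitigation for this class of defect: validating a complete HTTP request against explicit structural limits before it reaches the code that parses it. All limits and the sample requests are constructed for the example.

```python
"""Added illustration: strict validation of a complete HTTP request before
handing it to a backend parser. Not Cisco code; limits are assumptions."""
import re

# Assumed limits for the example; a real deployment would size these to
# what the management interface actually needs to accept.
MAX_REQUEST_BYTES = 8192
MAX_HEADERS = 50
MAX_LINE_BYTES = 1024
MAX_BODY_BYTES = 4096

# RFC 7230 token characters, used to validate header names.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_METHODS = {b"GET", b"POST", b"HEAD"}
_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}


def validate_request(raw: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one complete request held in memory.

    Every check fails closed: anything that does not match the expected
    shape is rejected with a reason suitable for an audit log."""
    if len(raw) > MAX_REQUEST_BYTES:
        return False, "request exceeds size limit"
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "missing end of headers"
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]

    parts = request_line.split(b" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method not in _METHODS:
        return False, "unsupported method"
    if not target.startswith(b"/") or len(target) > MAX_LINE_BYTES:
        return False, "invalid request target"
    if version not in _VERSIONS:
        return False, "unsupported HTTP version"
    if len(header_lines) > MAX_HEADERS:
        return False, "too many headers"

    content_length = 0
    seen = set()
    for line in header_lines:
        if len(line) > MAX_LINE_BYTES:
            return False, "header line too long"
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.match(name):
            return False, "malformed header"
        # Reject control bytes (other than horizontal tab) in header values.
        if any(c < 0x20 and c != 0x09 for c in value):
            return False, "control byte in header value"
        lname = name.lower()
        if lname == b"content-length":
            if lname in seen:
                return False, "duplicate content-length"
            digits = value.strip()
            if not digits.isdigit():
                return False, "non-numeric content-length"
            content_length = int(digits)
            if content_length > MAX_BODY_BYTES:
                return False, "body exceeds limit"
        seen.add(lname)

    if len(body) != content_length:
        return False, "body length mismatch"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "well-formed": b"GET /status HTTP/1.1\r\nHost: ucs.example.test\r\n\r\n",
    "with body": b"POST /cmd HTTP/1.1\r\nContent-Length: 4\r\n\r\nabcd",
    "oversized body": b"POST /cmd HTTP/1.1\r\nContent-Length: 99999999\r\n\r\nx",
    "long target": b"GET /" + b"A" * 2000 + b" HTTP/1.1\r\n\r\n",
    "control byte": b"GET / HTTP/1.1\r\nX-Test: a\x00b\r\n\r\n",
    "short body": b"POST / HTTP/1.1\r\nContent-Length: 5\r\n\r\nab",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:15s} -> {validate_request(req)}")
```

Each rejection reason is a string a front end can log, which turns the validator into a detection point as well as a mitigation: a burst of "header line too long" or "body exceeds limit" rejections from one source is the kind of signal an operator would want to see.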

Overview of this vulnerability

Systems with affected software may be vulnerable to attack from an unauthenticated remote device. Exploitation of these vulnerabilities may result in a temporary disruption of service for users. This vulnerability affects all Cisco UCS 6200 Series, 5400 Series, and 5000 Series systems running UCS Software Release 9.4(1) or later, and all Cisco UCS 6100 Series Enterprise Servers running UCS Software Release 9.4(1).
Cisco has released software updates that address the vulnerability at https://www.cisco.com/c/en/us/products/systems-convergence-server-storage-network-virtualization/ucs-software-9x/.
This is a denial of service (DoS) vulnerability that could potentially affect your system if exploited by an attacker. Cisco is aware of limited, targeted attacks that are occurring in industrial and enterprise environments.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/20/2022 15:11:00 UTC

References