Denial of Service Vulnerability in Cisco UCS Central Software
CVE-2018-0094

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Ucs Central Software
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability exists in the IPv6 ingress packet processing of Cisco UCS Central Software. This flaw could empower an unauthenticated, remote attacker to induce a denial of service (DoS) situation by overwhelming the targeted device with a high volume of IPv6 packets, consequently leading to significant CPU utilization and resource exhaustion. The root cause is attributed to inadequate rate limiting for IPv6 ingress traffic, allowing for potential exploitation by malicious users.

Affected Version(s)

Cisco UCS Central Software Cisco UCS Central Software

References

http://www.securitytracker.com/id/1040249
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102787
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.