Sign-up

ID

VAR-201801-1045


CVE

CVE-2018-0094


TITLE

Cisco UCS Central Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001506

DESCRIPTION

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. Cisco UCS Central The software is vulnerable to resource exhaustion. Vendors have confirmed this vulnerability Bug ID CSCuv34544 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to cause the affected device to consume excessive CPU resources, denying service to legitimate users

Trust: 2.07

sources: NVD: CVE-2018-0094 // JVNDB: JVNDB-2018-001506 // BID: 102787 // VULHUB: VHN-118296 // VULMON: CVE-2018-0094

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system central softwarescope:eqversion:1.4\(1a\)

Trust: 1.6

vendor:ciscomodel:unified computing system central softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs central softwarescope:eqversion:0

Trust: 0.3

sources: BID: 102787 // JVNDB: JVNDB-2018-001506 // CNNVD: CNNVD-201801-625 // NVD: CVE-2018-0094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0094
value: HIGH

Trust: 1.0

NVD: CVE-2018-0094
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-625
value: HIGH

Trust: 0.6

VULHUB: VHN-118296
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0094
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0094
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118296
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0094
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118296 // VULMON: CVE-2018-0094 // JVNDB: JVNDB-2018-001506 // CNNVD: CNNVD-201801-625 // NVD: CVE-2018-0094

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-693

Trust: 1.0

sources: VULHUB: VHN-118296 // JVNDB: JVNDB-2018-001506 // NVD: CVE-2018-0094

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-625

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201801-625

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001506

PATCH
title:cisco-sa-20180117-ucsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs
Trust: 0.8
title:Cisco UCS Central Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77805
Trust: 0.6
title:Cisco: Cisco UCS Central Software IPv6 Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180117-ucs
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0094 // 
            
            
            
            JVNDB: JVNDB-2018-001506 // 
            
            
            
            CNNVD: CNNVD-201801-625

EXTERNAL IDS
db:NVDid:CVE-2018-0094
Trust: 2.9
db:BIDid:102787
Trust: 2.1
db:SECTRACKid:1040249
Trust: 1.8
db:JVNDBid:JVNDB-2018-001506
Trust: 0.8
db:CNNVDid:CNNVD-201801-625
Trust: 0.7
db:VULHUBid:VHN-118296
Trust: 0.1
db:VULMONid:CVE-2018-0094
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118296 // 
            
            
            
            VULMON: CVE-2018-0094 // 
            
            
            
            BID: 102787 // 
            
            
            
            JVNDB: JVNDB-2018-001506 // 
            
            
            
            CNNVD: CNNVD-201801-625 // 
            
            
            
            NVD: CVE-2018-0094

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-ucs
Trust: 2.2
url:http://www.securityfocus.com/bid/102787
Trust: 1.9
url:http://www.securitytracker.com/id/1040249
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0094
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0094
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/400.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118296 // 
            
            
            
            VULMON: CVE-2018-0094 // 
            
            
            
            BID: 102787 // 
            
            
            
            JVNDB: JVNDB-2018-001506 // 
            
            
            
            CNNVD: CNNVD-201801-625 // 
            
            
            
            NVD: CVE-2018-0094

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 102787

SOURCES
db:VULHUBid:VHN-118296
db:VULMONid:CVE-2018-0094
db:BIDid:102787
db:JVNDBid:JVNDB-2018-001506
db:CNNVDid:CNNVD-201801-625
db:NVDid:CVE-2018-0094

LAST UPDATE DATE
2024-11-23T21:39:52.957000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118296date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0094date:2019-10-09T00:00:00
db:BIDid:102787date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001506date:2018-02-22T00:00:00
db:CNNVDid:CNNVD-201801-625date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0094date:2024-11-21T03:37:30.540

SOURCES RELEASE DATE
db:VULHUBid:VHN-118296date:2018-01-18T00:00:00
db:VULMONid:CVE-2018-0094date:2018-01-18T00:00:00
db:BIDid:102787date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001506date:2018-02-22T00:00:00
db:CNNVDid:CNNVD-201801-625date:2018-01-22T00:00:00
db:NVDid:CVE-2018-0094date:2018-01-18T06:29:00.707