ID
VAR-201502-0157
CVE
CVE-2015-0633
TITLE
C-Series Run on the server Cisco Unified Computing System of Integrated Management Controller Vulnerable to access restrictions
Trust: 0.8
DESCRIPTION
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. Cisco Unified Computing System C-Series are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf52876. There is a security vulnerability in IMC in Cisco UCS 1.4(7h) and earlier versions of C-Series servers
Trust: 2.34
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(1c\) | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(5h\) | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(5g\)2 | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(6d\) | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(5j\) | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(7h\) | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4 | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(7b\)1 | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(2\) | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(7c\)1 | Trust: 1.6 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(4a\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3c\)1 | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(5e\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(5g\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3k\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3p\)5 | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3p\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(5b\)1 | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3s\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(4a\)1 | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3c\)2 | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(3j\) | Trust: 1.0 |
| vendor: | cisco | model: | unified computing system | scope: | eq | version: | 1.4\(6c\) | Trust: 1.0 |
| vendor: | cisco | model: | c200-m1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c200-m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c210-m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c22-m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c220-m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c220-m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c24-m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c240-m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c240-m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c250-m1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c250-m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c260-m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c3160 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c420-m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c420-m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c460-m1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c460-m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | c460-m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | unified computing system software | scope: | lte | version: | 1.4(7h) | Trust: 0.8 |
| vendor: | cisco | model: | unified computing system 2.2 a | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
network
Trust: 0.6
TYPE
Failure to Handle Exceptional Conditions
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633 | Trust: 0.8 |
| title: | 37575 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=37575 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-0633 | Trust: 3.2 |
| db: | BID | id: | 72760 | Trust: 2.1 |
| db: | BID | id: | 85711 | Trust: 2.1 |
| db: | SECTRACK | id: | 1031796 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2015-001628 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201502-457 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-78579 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2015-0633 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/85711 | Trust: 2.5 |
| url: | http://www.securityfocus.com/bid/72760 | Trust: 1.8 |
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0633 | Trust: 1.8 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=37575 | Trust: 1.8 |
| url: | http://www.securitytracker.com/id/1031796 | Trust: 1.8 |
| url: | http://www.cisco.com/ | Trust: 1.2 |
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-ucs | Trust: 0.9 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0633 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0633 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Cisco
Trust: 1.2
SOURCES
| db: | VULHUB | id: | VHN-78579 |
| db: | VULMON | id: | CVE-2015-0633 |
| db: | BID | id: | 85711 |
| db: | BID | id: | 72760 |
| db: | JVNDB | id: | JVNDB-2015-001628 |
| db: | CNNVD | id: | CNNVD-201502-457 |
| db: | NVD | id: | CVE-2015-0633 |
LAST UPDATE DATE
2024-11-23T21:54:46.072000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-78579 | date: | 2019-04-15T00:00:00 |
| db: | VULMON | id: | CVE-2015-0633 | date: | 2019-04-15T00:00:00 |
| db: | BID | id: | 85711 | date: | 2019-04-12T19:00:00 |
| db: | BID | id: | 72760 | date: | 2015-03-19T07:34:00 |
| db: | JVNDB | id: | JVNDB-2015-001628 | date: | 2015-02-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201502-457 | date: | 2019-04-19T00:00:00 |
| db: | NVD | id: | CVE-2015-0633 | date: | 2024-11-21T02:23:26.437 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-78579 | date: | 2015-02-26T00:00:00 |
| db: | VULMON | id: | CVE-2015-0633 | date: | 2015-02-26T00:00:00 |
| db: | BID | id: | 85711 | date: | 2015-12-10T00:00:00 |
| db: | BID | id: | 72760 | date: | 2015-02-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001628 | date: | 2015-02-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201502-457 | date: | 2015-02-28T00:00:00 |
| db: | NVD | id: | CVE-2015-0633 | date: | 2015-02-26T01:59:00.063 |