ID

VAR-201810-0620


CVE

CVE-2018-15404


TITLE

Cisco Integrated Management Controller Supervisor and UCS Director Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010858

DESCRIPTION

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition. Multiple Cisco Products are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvj95431 and CSCvk10284. UCS Director Software is a converged infrastructure management solution

Trust: 1.98

sources: NVD: CVE-2018-15404 // JVNDB: JVNDB-2018-010858 // BID: 105707 // VULHUB: VHN-125660

AFFECTED PRODUCTS

vendor: cisco // model: integrated management controller supervisor // scope: eq // version: 2.1(0.0)

Trust: 1.6

vendor: cisco // model: unified computing system director // scope: eq // version: 6.6(0.0)

Trust: 1.6

vendor: cisco // model: integrated management controller supervisor // scope: - // version: -

Trust: 0.8

vendor: cisco // model: unified computing system director // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs director // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: integrated management controller supervisor software // scope: eq // version: 0

Trust: 0.3

sources: BID: 105707 // JVNDB: JVNDB-2018-010858 // CNNVD: CNNVD-201810-195 // NVD: CVE-2018-15404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15404
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15404
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-195
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125660
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15404
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125660
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15404
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125660 // JVNDB: JVNDB-2018-010858 // CNNVD: CNNVD-201810-195 // NVD: CVE-2018-15404

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-125660 // JVNDB: JVNDB-2018-010858 // NVD: CVE-2018-15404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-195

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-195

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010858

PATCH

title: cisco-sa-20181003-imcs-ucsd-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos

Trust: 0.8

title: Cisco Integrated Management Controller Supervisor and UCS Director Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85409

Trust: 0.6

sources: JVNDB: JVNDB-2018-010858 // CNNVD: CNNVD-201810-195

EXTERNAL IDS

db: NVD // id: CVE-2018-15404

Trust: 2.8

db: JVNDB // id: JVNDB-2018-010858

Trust: 0.8

db: CNNVD // id: CNNVD-201810-195

Trust: 0.7

db: BID // id: 105707

Trust: 0.3

db: VULHUB // id: VHN-125660

Trust: 0.1

sources: VULHUB: VHN-125660 // BID: 105707 // JVNDB: JVNDB-2018-010858 // CNNVD: CNNVD-201810-195 // NVD: CVE-2018-15404

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-imcs-ucsd-dos

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15404

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15404

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125660 // BID: 105707 // JVNDB: JVNDB-2018-010858 // CNNVD: CNNVD-201810-195 // NVD: CVE-2018-15404

CREDITS

Cisco

Trust: 0.3

sources: BID: 105707

SOURCES

db: VULHUB // id: VHN-125660
db: BID // id: 105707
db: JVNDB // id: JVNDB-2018-010858
db: CNNVD // id: CNNVD-201810-195
db: NVD // id: CVE-2018-15404

LAST UPDATE DATE

2024-11-23T22:41:40.135000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-125660 // date: 2019-10-09T00:00:00
db: BID // id: 105707 // date: 2018-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-010858 // date: 2018-12-26T00:00:00
db: CNNVD // id: CNNVD-201810-195 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-15404 // date: 2024-11-21T03:50:43.043

SOURCES RELEASE DATE

db: VULHUB // id: VHN-125660 // date: 2018-10-05T00:00:00
db: BID // id: 105707 // date: 2018-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-010858 // date: 2018-12-26T00:00:00
db: CNNVD // id: CNNVD-201810-195 // date: 2018-10-08T00:00:00
db: NVD // id: CVE-2018-15404 // date: 2018-10-05T14:29:08.793