CVE-2015-0633: Input Validation
First published: Thu Feb 26 2015(Updated: )
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System software | =1.4 | |
| Cisco Unified Computing System software | =1.4\(1c\) | |
| Cisco Unified Computing System software | =1.4\(2\) | |
| Cisco Unified Computing System software | =1.4\(3c\)1 | |
| Cisco Unified Computing System software | =1.4\(3c\)2 | |
| Cisco Unified Computing System software | =1.4\(3j\) | |
| Cisco Unified Computing System software | =1.4\(3k\) | |
| Cisco Unified Computing System software | =1.4\(3p\) | |
| Cisco Unified Computing System software | =1.4\(3p\)5 | |
| Cisco Unified Computing System software | =1.4\(3s\) | |
| Cisco Unified Computing System software | =1.4\(4a\) | |
| Cisco Unified Computing System software | =1.4\(4a\)1 | |
| Cisco Unified Computing System software | =1.4\(5b\)1 | |
| Cisco Unified Computing System software | =1.4\(5e\) | |
| Cisco Unified Computing System software | =1.4\(5g\) | |
| Cisco Unified Computing System software | =1.4\(5g\)2 | |
| Cisco Unified Computing System software | =1.4\(5h\) | |
| Cisco Unified Computing System software | =1.4\(5j\) | |
| Cisco Unified Computing System software | =1.4\(6c\) | |
| Cisco Unified Computing System software | =1.4\(6d\) | |
| Cisco Unified Computing System software | =1.4\(7b\)1 | |
| Cisco Unified Computing System software | =1.4\(7c\)1 | |
| Cisco Unified Computing System software | =1.4\(7h\) | |
| Cisco C200 M1 | ||
| Cisco UCS C200 M2 | ||
| Cisco UCS C210 M2 | ||
| Cisco UCS C22 M3 | ||
| Cisco UCS C220 M3 | ||
| Cisco UCS C220 M4 Rack Server | ||
| Cisco c24 m3 | ||
| Cisco UCS C240 M3 | ||
| Cisco UCS C240 M4 | ||
| Cisco UCS C250 M1 | ||
| Cisco UCS C250 M2 | ||
| Cisco UCS C260 M2 | ||
| Cisco UCS C3160 | ||
| Cisco UCS C420 M2 | ||
| Cisco UCS C420 M3 | ||
| Cisco UCS C460 M1 | ||
| Cisco UCS C460 M2 | ||
| Cisco UCS C460 M4 Rack Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0633?
CVE-2015-0633 has been assigned a high severity rating due to its potential to allow unauthorized access to the Integrated Management Controller.
How do I fix CVE-2015-0633?
To fix CVE-2015-0633, upgrade your Cisco Unified Computing System software to the latest version that addresses this vulnerability.
What are the affected systems by CVE-2015-0633?
CVE-2015-0633 affects Cisco Unified Computing System software versions 1.4 and earlier on C-Series servers.
Can CVE-2015-0633 be exploited remotely?
Yes, CVE-2015-0633 can be exploited remotely by attackers on the local network through crafted DHCP response packets.
What is the impact of CVE-2015-0633?
The primary impact of CVE-2015-0633 is the potential bypass of access restrictions on the Integrated Management Controller.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified computing system software
- version/cisco unified computing system software/1.4
- version/cisco unified computing system software/1.4\(1c\)
- version/cisco unified computing system software/1.4\(2\)
- version/cisco unified computing system software/1.4\(3c\)1
- version/cisco unified computing system software/1.4\(3c\)2
- version/cisco unified computing system software/1.4\(3j\)
- version/cisco unified computing system software/1.4\(3k\)
- version/cisco unified computing system software/1.4\(3p\)
- version/cisco unified computing system software/1.4\(3p\)5
- version/cisco unified computing system software/1.4\(3s\)
- version/cisco unified computing system software/1.4\(4a\)
- version/cisco unified computing system software/1.4\(4a\)1
- version/cisco unified computing system software/1.4\(5b\)1
- version/cisco unified computing system software/1.4\(5e\)
- version/cisco unified computing system software/1.4\(5g\)
- version/cisco unified computing system software/1.4\(5g\)2
- version/cisco unified computing system software/1.4\(5h\)
- version/cisco unified computing system software/1.4\(5j\)
- version/cisco unified computing system software/1.4\(6c\)
- version/cisco unified computing system software/1.4\(6d\)
- version/cisco unified computing system software/1.4\(7b\)1
- version/cisco unified computing system software/1.4\(7c\)1
- version/cisco unified computing system software/1.4\(7h\)
- canonical/cisco c200 m1
- canonical/cisco ucs c200 m2
- canonical/cisco ucs c210 m2
- canonical/cisco ucs c22 m3
- canonical/cisco ucs c220 m3
- canonical/cisco ucs c220 m4 rack server
- canonical/cisco c24 m3
- canonical/cisco ucs c240 m3
- canonical/cisco ucs c240 m4
- canonical/cisco ucs c250 m1
- canonical/cisco ucs c250 m2
- canonical/cisco ucs c260 m2
- canonical/cisco ucs c3160
- canonical/cisco ucs c420 m2
- canonical/cisco ucs c420 m3
- canonical/cisco ucs c460 m1
- canonical/cisco ucs c460 m2
- canonical/cisco ucs c460 m4 rack server