First published: Fri Oct 05 2018(Updated: )
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Computing System Director | =6.6\(0.0\) | |
Cisco Integrated Management Controller Supervisor | =2.1\(0.0\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2018-15404.
CVE-2018-15404 has a severity rating of 6.5 (medium).
CVE-2018-15404 affects Cisco Unified Computing System Director 6.6(0.0) and Cisco Integrated Management Controller Supervisor 2.1(0.0).
An attacker can exploit CVE-2018-15404 by causing a denial of service (DoS) condition on an affected system.
Yes, Cisco has released a fix for CVE-2018-15404. Please refer to the Cisco Security Advisory for more information.