What is the severity of CVE-2020-3504?

CVE-2020-3504 has a severity rating of medium, indicating potential impact from a denial of service condition.

How do I fix CVE-2020-3504?

To fix CVE-2020-3504, it is recommended to update your Cisco UCS Manager Software to the latest version provided by Cisco.

What causes the vulnerability CVE-2020-3504?

CVE-2020-3504 is caused by improper handling of command parameters in the local management CLI of Cisco UCS Manager Software.

Who is affected by CVE-2020-3504?

The CVE-2020-3504 vulnerability affects devices running Cisco UCS Manager Software.

What type of attack is possible with CVE-2020-3504?

CVE-2020-3504 can be exploited by an authenticated, local attacker to cause a denial of service (DoS) condition.

Vulnerability/
CVE-2020-3504

low

3.3

CWE

400 664

27/8/2020

13/11/2024

CVE-2020-3504: Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability

First published: Thu Aug 27 2020(Updated: )

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Extensible Operating System
Cisco Firepower 1010
Cisco Firepower 1120
Cisco Firepower 1140
Cisco Firepower 1150
Cisco Firepower 2110
Cisco Firepower 2120
Cisco Firepower 2130
Cisco Firepower 2140
Cisco Firepower 4110 Next-Generation Firewall
Cisco Firepower 4112 Firmware
Cisco Firepower 4115
Cisco Firepower 4120 Next-Generation Firewall
Cisco Firepower 4125 firmware
Cisco Firepower 4140 Next-Generation Firewall
Cisco Firepower 4145 firmware
Cisco Firepower 4150 Next-Generation Firewall
Cisco Firepower 9300 firmware
Cisco NX-OS
Cisco MDS 9100
Cisco MDS 9200
Cisco MDS 9500
Cisco MDS 9700
Cisco Nexus 1000V
Cisco Nexus 1000V for Hyper-V
Cisco Nexus 3016Q Firmware
Cisco Nexus 3048 Firmware
Cisco Nexus 3064 Firmware
Cisco Nexus 3064
Cisco Nexus 31108PC-V Firmware
Cisco Nexus 31108TC-V Firmware
Cisco Nexus 31128PQ
Cisco Nexus 3132C-Z Firmware
Cisco Nexus 3132Q-XL
Cisco Nexus 3132Q-V Firmware
Cisco Nexus 3132Q-XL Firmware
Cisco Nexus 3164Q Firmware
Cisco Nexus 3172 Firmware
Cisco Nexus 3172PQ-XL Firmware
Cisco Nexus 3172TQ Firmware
Cisco Nexus 3172TQ-XL
Cisco Nexus 3172TQ-XL Firmware
Cisco Nexus 3232C
Cisco Nexus 3264C-E Firmware
Cisco Nexus 3264Q Firmware
Cisco Nexus 3408-S Firmware
Cisco Nexus 34180YC Firmware
Cisco Nexus 3432D-S Firmware
Cisco Nexus 3464C Firmware
Cisco Nexus 3524-xl
Cisco Nexus 3524-xl
Cisco Nexus 3524-XL Firmware
Cisco Nexus 3548-X/XL Firmware
Cisco Nexus 3548-X/XL
Cisco Nexus 3548-X/XL
Cisco Nexus 36180YC-R Firmware
Cisco Nexus 3636C-R Firmware
Cisco Nexus 5548P Firmware
Cisco Nexus 5548UP Firmware
Cisco Nexus 5596T Firmware
Cisco Nexus 5596UP Firmware
Cisco 56128p
Cisco Nexus 5624Q Firmware
Cisco Nexus 5648Q Firmware
Cisco Nexus 5672UP-16G
Cisco Nexus 5696Q Firmware
Cisco Nexus 6001 Firmware
Cisco Nexus 6004 Firmware
Cisco Nexus 7000
Cisco Nexus 7700 series
Cisco NX-OS Nexus 9000 Series
Cisco Nexus 92160YC Switch
Cisco Nexus 92300YC Firmware
Cisco Nexus 92304QC Switch
Cisco Nexus 92348GC-X Switch
Cisco Nexus 9236C Switch
Cisco Nexus 9272Q Switch
Cisco Nexus
Cisco Nexus 93108TC-FX Switch
Cisco Nexus 93120TX Firmware
Cisco Nexus 93128 Firmware
Cisco Nexus 93180LC-EX Switch
Cisco Nexus 93180YC-EX-24
Cisco Nexus 93180YC-FX Firmware
Cisco Nexus 93216TC-FX2 Firmware
Cisco Nexus 93240YC-FX2 Firmware
Cisco Nexus 9332C Firmware
Cisco Nexus 9332PQ Firmware
Cisco Nexus 93360YC-FX2
Cisco Nexus 9336C-FX2 Firmware
Cisco Nexus N9336PQ-X
Cisco Nexus 9348GC-FXP Firmware
Cisco Nexus 9364c-h1
Cisco Nexus 9372PX-E
Cisco Nexus 9372PX-E Firmware
Cisco Nexus 9372TX
Cisco Nexus 9372TX-E Switch
Cisco Nexus 9396PX Firmware
Cisco Nexus 9396TX Firmware
Cisco Nexus 9504 firmware
Cisco Nexus 9508
Cisco Nexus 9516 firmware
Cisco UCS 6248UP
Cisco UCS 6296UP
Cisco UCS 6300 firmware
Cisco UCS 6324 firmware
Cisco NX-OS	>=4.0<4.0\(4i\)
Cisco UCS 64108
Cisco UCS 6454 Fabric Interconnect

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe

Frequently Asked Questions

What is the severity of CVE-2020-3504?
CVE-2020-3504 has a severity rating of medium, indicating potential impact from a denial of service condition.
How do I fix CVE-2020-3504?
To fix CVE-2020-3504, it is recommended to update your Cisco UCS Manager Software to the latest version provided by Cisco.
What causes the vulnerability CVE-2020-3504?
CVE-2020-3504 is caused by improper handling of command parameters in the local management CLI of Cisco UCS Manager Software.
Who is affected by CVE-2020-3504?
The CVE-2020-3504 vulnerability affects devices running Cisco UCS Manager Software.
What type of attack is possible with CVE-2020-3504?
CVE-2020-3504 can be exploited by an authenticated, local attacker to cause a denial of service (DoS) condition.