What is the vulnerability ID of this Cisco UCS Manager vulnerability?

The vulnerability ID is CVE-2021-1592.

What is the severity rating of CVE-2021-1592?

The severity rating of CVE-2021-1592 is medium (4.3).

Vulnerability/
CVE-2021-1592

medium

4.3

CWE

770 664

25/8/2021

7/11/2024

CVE-2021-1592: Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability

Q: How does this vulnerability impact Cisco UCS Manager software?

This vulnerability could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Q: What is the root cause of this vulnerability?

The vulnerability is due to improper resource management for established SSH sessions.

Q: Where can I find more information about CVE-2021-1592?

You can find more information about CVE-2021-1592 in the Cisco Security Advisory: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy).

First published: Wed Aug 25 2021(Updated: )

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Unified Computing System	>=4.0<4.0\(4m\)
Cisco Unified Computing System	>=4.1<4.1\(3e\)
Cisco Unified Computing System 64108
Cisco Unified Computing System 6454

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

Frequently Asked Questions

What is the vulnerability ID of this Cisco UCS Manager vulnerability?
The vulnerability ID is CVE-2021-1592.
What is the severity rating of CVE-2021-1592?
The severity rating of CVE-2021-1592 is medium (4.3).
How does this vulnerability impact Cisco UCS Manager software?
This vulnerability could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
What is the root cause of this vulnerability?
The vulnerability is due to improper resource management for established SSH sessions.
Where can I find more information about CVE-2021-1592?
You can find more information about CVE-2021-1592 in the Cisco Security Advisory: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy).

collector/nvd-index
agent/type
agent/weakness
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/references
agent/author
agent/title
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/cisco
canonical/cisco unified computing system
version/cisco unified computing system/4.0
version/cisco unified computing system/4.1
canonical/cisco unified computing system 64108
canonical/cisco unified computing system 6454

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.