CVE-2021-34736: Cisco Integrated Management Controller GUI Denial of Service Vulnerability
First published: Thu Oct 21 2021(Updated: )
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System | <4.1\(2g\) | |
| Cisco Unified Computing System | >=4.2<4.2\(1b\) | |
| Cisco Ucs C125 M5 | ||
| Cisco Ucs C22 M3 | ||
| Cisco Ucs C220 M3 | ||
| Cisco Ucs C220 M4 | ||
| Cisco Ucs C220 M5 | ||
| Cisco Ucs C225 M6 | ||
| Cisco Ucs C24 M3 | ||
| Cisco Ucs C240 M3 | ||
| Cisco Ucs C240 M5 | ||
| Cisco Ucs C240 Sd M5 | ||
| Cisco Ucs C245 M6 | ||
| Cisco Ucs C260 M2 | ||
| Cisco Ucs C3160 | ||
| Cisco Ucs C3260 | ||
| Cisco Ucs C420 M3 | ||
| Cisco Ucs C4200 | ||
| Cisco Ucs C460 M2 | ||
| Cisco Ucs C460 M4 | ||
| Cisco Ucs C480 M5 | ||
| Cisco Ucs C480 Ml M5 | ||
| Cisco Ucs C890 M5 | ||
| Cisco Unified Computing System | <4.1\(3e\) | |
| Cisco Ucs S3260 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco IMC Software vulnerability?
The vulnerability ID for this Cisco IMC Software vulnerability is CVE-2021-34736.
What is the severity level of CVE-2021-34736?
The severity level of CVE-2021-34736 is high with a score of 7.5.
What is the affected software for CVE-2021-34736?
The affected software for CVE-2021-34736 is Cisco Unified Computing System with versions up to 4.1(2g) and 4.1(3e), and Cisco UCS C420 M3 with no vulnerabilities.
How can an unauthenticated, remote attacker exploit this vulnerability?
An unauthenticated, remote attacker can exploit this vulnerability by causing the web-based management interface of Cisco IMC Software to unexpectedly restart.
How can I fix this vulnerability in Cisco IMC Software?
To fix this vulnerability in Cisco IMC Software, it is recommended to upgrade to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco unified computing system
- version/cisco unified computing system/4.2
- canonical/cisco ucs c125 m5
- canonical/cisco ucs c22 m3
- canonical/cisco ucs c220 m3
- canonical/cisco ucs c220 m4
- canonical/cisco ucs c220 m5
- canonical/cisco ucs c225 m6
- canonical/cisco ucs c24 m3
- canonical/cisco ucs c240 m3
- canonical/cisco ucs c240 m5
- canonical/cisco ucs c240 sd m5
- canonical/cisco ucs c245 m6
- canonical/cisco ucs c260 m2
- canonical/cisco ucs c3160
- canonical/cisco ucs c3260
- canonical/cisco ucs c420 m3
- canonical/cisco ucs c4200
- canonical/cisco ucs c460 m2
- canonical/cisco ucs c460 m4
- canonical/cisco ucs c480 m5
- canonical/cisco ucs c480 ml m5
- canonical/cisco ucs c890 m5
- canonical/cisco ucs s3260