CVE-2020-3504

CVE Database · CVE-2020-3504

CVE-2020-3504

· LOWModified

CVSS v3.1

3.3

EPSS

0.26%

Published

Aug 27, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-664CWE-400

Affected Products (109)

cisco · firepower_extensible_operating_systemvulnerable

cisco · firepower_1010

cisco · firepower_1120

cisco · firepower_1140

cisco · firepower_1150

cisco · firepower_2110

cisco · firepower_2120

cisco · firepower_2130

cisco · firepower_2140

cisco · firepower_4110

cisco · firepower_4112

cisco · firepower_4115

cisco · firepower_4120

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs