CVE-2021-34736

Published Oct 21, 2021

Last updated a year ago

CVSS high 7.5

Overview

Description: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20
ykramarz@cisco.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c22_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE87B6DD-FDE4-4484-84C7-EAF383EB6BAC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c220_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5368DBDD-B482-4705-A186-6D5B5B21B754"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c220_m4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD45BB8A-BC47-4DFB-9027-93ACF0DA302B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c220_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "855E1346-BACC-4485-9534-7C830FCFD54B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c225_m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A9C38B65-9A77-40BF-BE77-2B307A0AFC1D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c24_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9403C407-8BE9-416E-94C0-3CB6F732C592"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c240_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1CB75EF7-5889-4D6F-A488-F1EB30596F9F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c240_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F262ADAB-74DC-466B-983A-C49E4BAC22C0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c240_sd_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9768750-2981-4F7B-82B5-8BB64FD5AAD5"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c245_m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7B319520-A217-4070-ABAF-29DCE6EDB6D2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c260_m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6B63849-1831-4564-9F9C-BDBDA267E9AF"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c3160:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E1C3AF7-DF08-494D-B3FA-001CC9114DC2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c3260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "22B85A56-2058-42C3-87EF-F9A7DD4726B1"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c420_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CF2C12B1-A75B-450A-BD31-53EF15F1F4A0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c460_m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1311C886-01AA-45DA-9479-0287C935DE91"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c460_m4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6B4CF9E-A757-4F4B-931A-538FC2F5331A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c480_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D0B0FA5-996F-4F25-8AAB-603CB46175F9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c480_ml_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E829EF2-3BFE-48CD-A0CE-8DFA20440EF7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ucs_c890_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87A68188-3C0E-422A-A674-0E8BF18E7091"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12A905D0-ACBA-453C-A517-CEB0D98E836C",
            "versionEndExcluding": "4.1\\(2g\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2988EA7D-D1B7-4A45-A7E1-F4CDCE8A449B",
            "versionEndExcluding": "4.2\\(1b\\)",
            "versionStartIncluding": "4.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_computing_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DAF0295-8C01-4C4D-842E-46387B239C81",
            "versionEndExcluding": "4.1\\(3e\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References