SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System Vendors:   Cisco
Cisco Unified Computing System E-Series Blade Servers SSH Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1030813
SecurityTracker URL:  http://securitytracker.com/id/1030813
CVE Reference:   CVE-2014-3348   (Links to External Site)
Date:  Sep 8 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): E-Series Blade Servers; Cisco IMC versions prior to 2.3.1
Description:   A vulnerability was reported in Cisco Unified Computing System E-Series Blade Servers. A remote user can cause denial of service conditions.

A remote user can send a specially crafted SSH packet to the SSH service on the target Cisco Integrated Management Controller (Cisco IMC) to cause the Cisco IMC to become unresponsive.

The operating system running on the target blade is not affected.

The Cisco IMC cannot be restarted from the IOS command line interface or via IPMI.

To return the system to normal operation, the target E-Series Server likely must be restarted by switching the blade's power switch or by restarting the ISR G2 router that the device is installed in.

The vendor has assigned bug ID CSCuo69206 to this vulnerability.

Impact:   A remote user can cause the target Cisco IMC to become unresponsive.
Solution:   The vendor has issued a fix (2.3.1).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

Advisory ID: cisco-sa-20140908-ucse

Revision 1.0

For Public Release 2014 September 8 16:00  UTC (GMT)
+--------------------------------------------------------------------

Summary
=======

A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.

The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUDccEAAoJEIpI1I6i1Mx380EQAJZ/vFS3FAVaZRj/ylDlZEoN
rTNQmIXP/8M+gXHUVZQPF5BKXeHOqdEyA+AKOhgttLpuYfIyi/7oYhU9vETWs1dh
4d8/6QG2+6ImYfig8KS8oartWgVyifq389PqprXK1QhuKhU30DgEAV+2nvTDe46n
5XAaQ2mbey47dmdfFkrLNIjpdkjyx07ibj7yaHwsQY0plDH3ldTEIV+Ca1AnA/Dj
J9ECXHnWVoqlS3WXPrXWeFLj9OJM+Htq84rYJb1Uc7EoxTUz8NwFmNUzY93esYBJ
gev4l6rQHy/m70fPdBXbfuSr4UwsQA4FYjfF60924IPZ63EYsnFICC14doci7CjT
JzZ3lyvnmFbiQ/OOdwRTsJjD0knGq5FBAF9WUFfZ3KVnXcq62ztMlCE2BscSZz0/
Yw0wnFrPwmz0VqXJxs+TUeDyq2w/cS8piWO5+XkYTc3dmmRNzf5N0tXE7vekWKhX
pmZfaoviY6LoJjzN8BsBTvJ8slAI8ldJ10cEVuuFB3CQSalYrspH8bKXAsu+5T6v
4CoQuwB7alb3l/RUqthpR9uakV6FLG2jVi4WkgcBaPrz7FLo+4k3z6WpLcUXBUpK
81zTK1c2iWhbPEil1zLEHaEwWm4hPp1qAeWEuQH4ahBLbl/pxwXD/xX3vZdDD7Ed
HvavuCQ1ZhZRr6nR+EUq
=Ydqd
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC