Denial of service in Cisco UCS Central Software - CVE-2018-0094
Published: January 19, 2018
Vulnerability identifier: #VU10109
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0094
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco UCS Central Software
Cisco UCS Central Software
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in IPv6 ingress packet processing for Cisco UCS Central Software due to insufficient rate limiting protection for IPv6 ingress traffic. A remote attacker can send a high rate of IPv6 packets, trigger CPU and resource constraints and cause the service to crash.
The weakness exists in IPv6 ingress packet processing for Cisco UCS Central Software due to insufficient rate limiting protection for IPv6 ingress traffic. A remote attacker can send a high rate of IPv6 packets, trigger CPU and resource constraints and cause the service to crash.
How to mitigate CVE-2018-0094
Install update from vendor's website.