#VU10109 Denial of service in Cisco UCS Central Software - CVE-2018-0094
Published: January 19, 2018
Vulnerability identifier: #VU10109
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0094
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco UCS Central Software
Cisco UCS Central Software
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in IPv6 ingress packet processing for Cisco UCS Central Software due to insufficient rate limiting protection for IPv6 ingress traffic. A remote attacker can send a high rate of IPv6 packets, trigger CPU and resource constraints and cause the service to crash.
The weakness exists in IPv6 ingress packet processing for Cisco UCS Central Software due to insufficient rate limiting protection for IPv6 ingress traffic. A remote attacker can send a high rate of IPv6 packets, trigger CPU and resource constraints and cause the service to crash.
Remediation
Install update from vendor's website.