Vulnerability identifier: #VU55233
Vulnerability risk: Medium
CVSSv3.1: 7.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Cisco Intersight Virtual Appliance
Server applications /
Other server solutions
Vendor:
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to insufficient restrictions for IPv6 packets that are received on the external management interface. A remote attacker on the local network can access sensitive internal services and make configuration changes on the affected device.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.