Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-15404
Modified
More InfoOfficial Page
Source-ykramarz@cisco.com
View Known Exploited Vulnerability (KEV) details
Published At-05 Oct, 2018 | 14:29
Updated At-09 Oct, 2019 | 23:35

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>unified_computing_system_director>>6.6\(0.0\)
cpe:2.3:a:cisco:unified_computing_system_director:6.6\(0.0\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>integrated_management_controller_supervisor>>2.1\(0.0\)
cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1\(0.0\):*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Primarynvd@nist.gov
CWE-399Secondaryykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dosykramarz@cisco.com
Vendor Advisory
Change History
0Changes found
Details not found