Vulnerability Details: CVE-2015-0633
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.
Vulnerability category: Input validation
Products affected by CVE-2015-0633
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3j\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3k\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(5e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(5g\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(5g\)2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(7h\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(1c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3s\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(4a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(6c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(6d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3p\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3p\)5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(5h\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(5j\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3c\)2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(3c\)1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(4a\)1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(5b\)1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(7b\)1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:1.4\(7c\)1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0633
- EPSS score: 0.83% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-0633
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:A/AC:L/Au:N/C:N/I:P/A:C | 6.5 | 7.8 | NIST | |
CWE ids for CVE-2015-0633
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0633
- http://www.securitytracker.com/id/1031796
  Cisco Unified Computing System DHCP Bug in Integrated Management Controller Lets Remote Users Access Controls on the Target System - SecurityTracker
- http://www.securityfocus.com/bid/72760
  Cisco Unified Computing System C-Series DHCP Packet Handling Denial of Service Vulnerability
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37575
  Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/85711
  Cisco Unified Computing System CVE-2015-6415 Denial of Service Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633
  Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability (Vendor Advisory)