{ "document": { "acknowledgments": [ { "summary": "This vulnerability was found by Art Kalmykov of Cisco during internal security testing." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "notes": [ { "category": "summary", "title": "Summary", "text": "A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n" }, { "category": "general", "title": "Vulnerable Products", "text": "At the time of publication, this vulnerability affected Cisco UCS 6400 Series Fabric Interconnects if they were running a vulnerable release of Cisco UCS Manager Software.\r\n\r\nFor information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software [\"#fs\"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information." }, { "category": "general", "title": "Products Confirmed Not Vulnerable", "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nFirepower 1000 Series\r\nFirepower 2100 Series\r\nFirepower 4100 Series\r\nFirepower 9300 Security Appliances\r\nMDS 9000 Series Multilayer Switches\r\nNexus 1000 Virtual Edge for VMware vSphere\r\nNexus 1000V Switch for Microsoft Hyper-V\r\nNexus 1000V Switch for VMware vSphere\r\nNexus 3000 Series Switches\r\nNexus 5500 Platform Switches\r\nNexus 5600 Platform Switches\r\nNexus 6000 Series Switches\r\nNexus 7000 Series Switches\r\nNexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode\r\nNexus 9000 Series Switches in standalone NX-OS mode\r\nUCS 6200 Series Fabric Interconnects\r\nUCS 6300 Series Fabric Interconnects" }, { "category": "general", "title": "Indicators of Compromise", "text": "Exploitation of this vulnerability can result in a buildup of stuck ucssh processes that were not terminated correctly. To see the list of ucssh processes, use the show processes | include ucssh command on the local-mgmt CLI, as shown in the following example:\r\n\r\n\r\nUCS-FI-A(local-mgmt)# show processes | include ucssh\r\n18795 root 20 0 160232 39056 7412 R 3.7 0.1 0:17.98 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n19390 root 20 0 160228 39600 7960 R 3.7 0.1 0:14.82 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n20838 root 20 0 160232 39600 7412 R 3.7 0.1 0:12.21 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n21923 root 20 0 160228 39600 7960 R 3.7 0.1 0:10.33 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n13744 root 20 0 160232 39056 7412 R 3.5 0.1 0:25.62 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n14990 root 20 0 160228 39600 7960 R 3.5 0.1 0:23.49 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n16234 root 20 0 160232 39600 7412 R 3.5 0.1 0:21.73 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n17436 root 20 0 160232 39056 7960 R 3.5 0.1 0:19.03 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin\r\n.\r\n.\r\n." }, { "category": "general", "title": "Workarounds", "text": "There are no workarounds that address this vulnerability." }, { "category": "general", "title": "Fixed Software", "text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Cisco UCS Software\r\nAt the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.\r\n\r\nThe left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.\r\n\r\nUCS 6400 Series Fabric Interconnects\r\n Cisco UCS Software Release First Fixed Release for This Vulnerability 4.0 4.0(4i) 4.1 Not vulnerable\r\n Additional Resources\r\nFor help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, see the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.\r\n\r\n\r\nCisco MDS Series Switches [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/b_MDS_NX-OS_Recommended_Releases.html\"]\r\nCisco Nexus 1000V for VMware Switch [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/recommended_releases/b_Cisco_N1KV_VMware_MinRecommendedReleases.html\"]\r\nCisco Nexus 3000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html\"]\r\nCisco Nexus 5500 Platform Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/recommended_releases/n5500_recommended_nx-os_releases.html\"]\r\nCisco Nexus 5600 Platform Switches [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/release/recommended_releases/n5600_recommended_nx-os_releases.html\"]\r\nCisco Nexus 6000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/release/recommended_releases/recommended_nx-os_releases.html\"]\r\nCisco Nexus 7000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/recommended_releases/recommended_nx-os_releases.html\"]\r\nCisco Nexus 9000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_9000_Series_Switches.html\"]\r\nCisco Nexus 9000 Series ACI-Mode Switches [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/recommended-release/b_Recommended_Cisco_ACI_Releases.html\"]\r\n\r\nTo determine the best release for Cisco UCS Software, see the Recommended Releases documents in the release notes for the device." }, { "category": "general", "title": "Vulnerability Policy", "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco." }, { "category": "general", "title": "Exploitation and Public Announcements", "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." }, { "category": "general", "title": "Source", "text": "This vulnerability was found by Art Kalmykov of Cisco during internal security testing." }, { "category": "legal_disclaimer", "title": "Legal Disclaimer", "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products." } ], "publisher": { "category": "vendor", "contact_details": "psirt@cisco.com", "issuing_authority": "Cisco PSIRT", "name": "Cisco", "namespace": "https://wwww.cisco.com" }, "references": [ { "category": "self", "summary": "Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe" }, { "category": "external", "summary": "Cisco Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" }, { "category": "external", "summary": "considering software upgrades", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "Cisco Security Advisories page", "url": "https://www.cisco.com/go/psirt" }, { "category": "external", "summary": "Cisco MDS Series Switches", "url": "https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/b_MDS_NX-OS_Recommended_Releases.html" }, { "category": "external", "summary": "Cisco Nexus 1000V for VMware Switch", "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/recommended_releases/b_Cisco_N1KV_VMware_MinRecommendedReleases.html" }, { "category": "external", "summary": "Cisco Nexus 3000 Series Switches", "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html" }, { "category": "external", "summary": "Cisco Nexus 5500 Platform Switches", "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/recommended_releases/n5500_recommended_nx-os_releases.html" }, { "category": "external", "summary": "Cisco Nexus 5600 Platform Switches", "url": "https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/release/recommended_releases/n5600_recommended_nx-os_releases.html" }, { "category": "external", "summary": "Cisco Nexus 6000 Series Switches", "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/release/recommended_releases/recommended_nx-os_releases.html" }, { "category": "external", "summary": "Cisco Nexus 7000 Series Switches", "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/recommended_releases/recommended_nx-os_releases.html" }, { "category": "external", "summary": "Cisco Nexus 9000 Series Switches", "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_9000_Series_Switches.html" }, { "category": "external", "summary": "Cisco Nexus 9000 Series ACI-Mode Switches", "url": "https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/recommended-release/b_Recommended_Cisco_ACI_Releases.html" } ], "title": "Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability", "tracking": { "current_release_date": "2020-08-26T16:00:00+00:00", "generator": { "date": "2024-05-10T22:51:42+00:00", "engine": { "name": "TVCE" } }, "id": "cisco-sa-ucs-cli-dos-GQUxCnTe", "initial_release_date": "2020-08-26T16:00:00+00:00", "revision_history": [ { "date": "2020-08-13T23:35:58+00:00", "number": "1.0.0", "summary": "Initial public release." } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "name": "Cisco", "category": "vendor", "branches": [ { "name": "Cisco Unified Computing System (Managed)", "category": "product_family", "product": { "name": "Cisco Unified Computing System (Managed) ", "product_id": "CSAFPID-112776" } } ] } ] }, "vulnerabilities": [ { "cve": "CVE-2020-3504", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvr91760" } ], "notes": [ { "category": "other", "title": "Affected Product Comprehensiveness", "text": "Complete." } ], "product_status": { "known_affected": [ "CSAFPID-112776" ] }, "release_date": "2020-08-26T16:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-112776" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-112776" ] } ], "title": "Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability" } ] }