Vulnerability Details CVE-2024-20344
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.
This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.3%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-20344
-
cpe:2.3:a:cisco:imm_management_package:-
-
cpe:2.3:a:cisco:imm_management_package:1.0.9-636
-
cpe:2.3:h:cisco:ucs_64108:-
-
cpe:2.3:h:cisco:ucs_6454:-
-
cpe:2.3:h:cisco:ucs_6536:-