CVE-2021-1592 is a vulnerability in Cisco Unified Computing System
Published on August 25, 2021
Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device.
Vulnerability Analysis
CVE-2021-1592 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Control of a Resource Through its Lifetime
The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
Products Associated with CVE-2021-1592
Want to know whenever a new CVE is published for Cisco Unified Computing System? stack.watch will email you.
Affected Versions
Cisco Unified Computing System (Managed) Version n/a is affected by CVE-2021-1592Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.