Cisco Security Advisory
Click Icon to Copy Verbose Score
AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
-
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.
Cisco has released software updates that address this vulnerability
The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse
-
Cisco UCS E-Series Servers are next-generation, power-optimized Intel Xeon x86 64-bit blade servers designed to be deployed in Cisco Integrated Services Routers Generation 2 (ISR G2).
Vulnerable Products
- Cisco UCS E140D
- Cisco UCS E140DP
- Cisco UCS E160D
- Cisco UCS E160DP
- Cisco UCS E140S M1
- Cisco UCS E140S M2
- Cisco UCS EN120S M2
Products Confirmed Not Vulnerable
- Cisco UCS B-Series Blade Servers
- Cisco UCS C-Series Servers
-
Cisco Integrated Management Controller SSH Denial of Service Vulnerability
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.
The vulnerability is due to a failure to properly handle an SSH packet that contains specific values. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device. If successful, the Cisco IMC of the device may become unresponsive and cannot be restarted from the IOS command line interface or via IPMI.
Recovery of the Cisco IMC will likely require a restart of the affected E-Series Server via physical interaction with the blade's power switch, or a restart of the ISR G2 router that the device is installed in. A restart of the E-Series blades via the power switch will cause a loss of power to the operating system running on the device. A restart of the ISR G2 router will cause a loss of all traffic passing through the router while it restarts as well as impacting the blade servers installed in the device. Cisco recommends utilizing an OS provided remote access method to properly shutdown the operating system to prevent potential corruption of the OS before preforming any recovery action if available.
Both the SSH CLI and Web GUI services are enabled by default once the IP Address for the device has been configured either manually or via DHCP.
This vulnerability is documented in Cisco bug ID CSCuo69206 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2014-3348.
-
No workarounds are available.
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35308
-
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco UCS E-Series - Cisco Integrated Management Controller (Cisco IMC) Software
Release First Fixed Recommended 1.0.1 N/A Migrate to 2.3.1 1.0.2 N/A Migrate to 2.3.1 2.1.0 N/A Migrate to 2.3.1
2.2.0 N/A Migrate to 2.3.1 2.3.1 2.3.1 2.3.1
Note: Customers should refer to the Host Upgrade Utility documentation for instructions on how to upgrade the firmware on their Cisco UCS E-Series blade server.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
This vulnerability was discovered during the investigation of a customer issue by Cisco TAC.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Show LessRevision 1.0 2014-September-08 Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.