Home / Cisco Security / Security Advisories

Cisco Security Advisory

Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability

Medium
Advisory ID:
cisco-sa-ucs-cli-dos-GQUxCnTe
First Published:
2020 August 26 16:00 GMT
Version 1.0:
Final
Workarounds:
No workarounds available
Cisco Bug IDs:
CSCvr91760
CVE-2020-3504
CWE-664
CVSS Score:
Base 3.3Click Icon to Copy Verbose Score
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
CVE-2020-3504
CWE-664

Summary

  • A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.

    The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe

Affected Products

  • Vulnerable Products

    At the time of publication, this vulnerability affected Cisco UCS 6400 Series Fabric Interconnects if they were running a vulnerable release of Cisco UCS Manager Software.

    For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following Cisco products:

    • Firepower 1000 Series
    • Firepower 2100 Series
    • Firepower 4100 Series
    • Firepower 9300 Security Appliances
    • MDS 9000 Series Multilayer Switches
    • Nexus 1000 Virtual Edge for VMware vSphere
    • Nexus 1000V Switch for Microsoft Hyper-V
    • Nexus 1000V Switch for VMware vSphere
    • Nexus 3000 Series Switches
    • Nexus 5500 Platform Switches
    • Nexus 5600 Platform Switches
    • Nexus 6000 Series Switches
    • Nexus 7000 Series Switches
    • Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
    • Nexus 9000 Series Switches in standalone NX-OS mode
    • UCS 6200 Series Fabric Interconnects
    • UCS 6300 Series Fabric Interconnects

Indicators of Compromise

  • Exploitation of this vulnerability can result in a buildup of stuck ucssh processes that were not terminated correctly. To see the list of ucssh processes, use the show processes | include ucssh command on the local-mgmt CLI, as shown in the following example:

    UCS-FI-A(local-mgmt)#  show processes | include ucssh
    18795 root      20   0  160232  39056   7412 R  3.7  0.1 0:17.98 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    19390 root      20   0  160228  39600   7960 R  3.7  0.1 0:14.82 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    20838 root      20   0  160232  39600   7412 R  3.7  0.1 0:12.21 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    21923 root      20   0  160228  39600   7960 R  3.7  0.1 0:10.33 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    13744 root      20   0  160232  39056   7412 R  3.5  0.1 0:25.62 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    14990 root      20   0  160228  39600   7960 R  3.5  0.1 0:23.49 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    16234 root      20   0  160232  39600   7412 R  3.5  0.1 0:21.73 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    17436 root      20   0  160232  39056   7960 R  3.5  0.1 0:19.03 /isan/bin/ucssh --ucs-local-mgmt -t 30 -p admin
    .
    .
    .

Workarounds

  • There are no workarounds that address this vulnerability.

Fixed Software

  • When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Cisco UCS Software

    At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.

    UCS 6400 Series Fabric Interconnects

    Cisco UCS Software Release First Fixed Release for This Vulnerability
    4.0 4.0(4i)
    4.1 Not vulnerable

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, see the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.

    Cisco MDS Series Switches
    Cisco Nexus 1000V for VMware Switch
    Cisco Nexus 3000 Series Switches
    Cisco Nexus 5500 Platform Switches
    Cisco Nexus 5600 Platform Switches
    Cisco Nexus 6000 Series Switches
    Cisco Nexus 7000 Series Switches
    Cisco Nexus 9000 Series Switches
    Cisco Nexus 9000 Series ACI-Mode Switches

    To determine the best release for Cisco UCS Software, see the Recommended Releases documents in the release notes for the device.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  • This vulnerability was found by Art Kalmykov of Cisco during internal security testing.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Related to This Advisory

URL

Revision History

  • Version Description Section Status Date
    1.0 Initial public release. - Final 2020-AUG-26
    Show Less

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Related to This Advisory