CVE-2018-15404
MEDIUM
Cisco UCS Director & IMC Supervisor Authenticated DoS via Web Interface
Title source: llm
Description
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-dos
Scores
CVSS v3
6.5
EPSS
0.0107
EPSS Percentile
60.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-399
CWE-770
Status
published
Products (2)
cisco/integrated_management_controller_supervisor
2.1\(0.0\)
cisco/unified_computing_system_director
6.6\(0.0\)
Published
Oct 05, 2018
Tracked Since
Feb 18, 2026