CVE-2015-0633
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
6.8
Description
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | unified_computing_system | 1.4 | |
| cisco | unified_computing_system | 1.4\(1c\) | |
| cisco | unified_computing_system | 1.4\(2\) | |
| cisco | unified_computing_system | 1.4\(3c\)1 | |
| cisco | unified_computing_system | 1.4\(3c\)2 | |
| cisco | unified_computing_system | 1.4\(3j\) | |
| cisco | unified_computing_system | 1.4\(3k\) | |
| cisco | unified_computing_system | 1.4\(3p\) | |
| cisco | unified_computing_system | 1.4\(3p\)5 | |
| cisco | unified_computing_system | 1.4\(3s\) | |
| cisco | unified_computing_system | 1.4\(4a\) | |
| cisco | unified_computing_system | 1.4\(4a\)1 | |
| cisco | unified_computing_system | 1.4\(5b\)1 | |
| cisco | unified_computing_system | 1.4\(5e\) | |
| cisco | unified_computing_system | 1.4\(5g\) | |
| cisco | unified_computing_system | 1.4\(5g\)2 | |
| cisco | unified_computing_system | 1.4\(5h\) | |
| cisco | unified_computing_system | 1.4\(5j\) | |
| cisco | unified_computing_system | 1.4\(6c\) | |
| cisco | unified_computing_system | 1.4\(6d\) | |
| cisco | unified_computing_system | 1.4\(7b\)1 | |
| cisco | unified_computing_system | 1.4\(7c\)1 | |
| cisco | unified_computing_system | 1.4\(7h\) | |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37575
- http://www.securityfocus.com/bid/72760
- http://www.securityfocus.com/bid/85711
- http://www.securitytracker.com/id/1031796
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37575
- http://www.securityfocus.com/bid/72760
- http://www.securityfocus.com/bid/85711
- http://www.securitytracker.com/id/1031796
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.