Vulnerability Description
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | 1.4 |
| Cisco | C200 M1 | All versions |
| Cisco | C200 M2 | All versions |
| Cisco | C210 M2 | All versions |
| Cisco | C22 M3 | All versions |
| Cisco | C220 M3 | All versions |
| Cisco | C220 M4 | All versions |
| Cisco | C24 M3 | All versions |
| Cisco | C240 M3 | All versions |
| Cisco | C240 M4 | All versions |
| Cisco | C250 M1 | All versions |
| Cisco | C250 M2 | All versions |
| Cisco | C260 M2 | All versions |
| Cisco | C3160 | All versions |
| Cisco | C420 M2 | All versions |
| Cisco | C420 M3 | All versions |
| Cisco | C460 M1 | All versions |
| Cisco | C460 M2 | All versions |
| Cisco | C460 M4 | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37575Vendor Advisory
- http://www.securityfocus.com/bid/72760
- http://www.securityfocus.com/bid/85711
- http://www.securitytracker.com/id/1031796
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37575Vendor Advisory
- http://www.securityfocus.com/bid/72760
- http://www.securityfocus.com/bid/85711
- http://www.securitytracker.com/id/1031796
FAQ
What is CVE-2015-0633?
CVE-2015-0633 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending cra...
How severe is CVE-2015-0633?
CVE-2015-0633 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0633?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System, Cisco C200 M1, Cisco C200 M2, Cisco C210 M2, Cisco C22 M3.