Vulnerability Description
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Firepower Extensible Operating System | - |
| Cisco | Firepower 1010 | - |
| Cisco | Firepower 1120 | - |
| Cisco | Firepower 1140 | - |
| Cisco | Firepower 1150 | - |
| Cisco | Firepower 2110 | - |
| Cisco | Firepower 2120 | - |
| Cisco | Firepower 2130 | - |
| Cisco | Firepower 2140 | - |
| Cisco | Firepower 4110 | - |
| Cisco | Firepower 4112 | - |
| Cisco | Firepower 4115 | - |
| Cisco | Firepower 4120 | - |
| Cisco | Firepower 4125 | - |
| Cisco | Firepower 4140 | - |
| Cisco | Firepower 4145 | - |
| Cisco | Firepower 4150 | - |
| Cisco | Firepower 9300 | - |
| Cisco | Nx-Os | - |
| Cisco | Mds 9100 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uVendor Advisory
FAQ
What is CVE-2020-3504?
CVE-2020-3504 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. ...
How severe is CVE-2020-3504?
CVE-2020-3504 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3504?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Extensible Operating System, Cisco Firepower 1010, Cisco Firepower 1120, Cisco Firepower 1140, Cisco Firepower 1150.