CVE-2021-34736 — MEDIUM (5.3)

Q: How severe is CVE-2021-34736?

CVE-2021-34736 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-34736?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System, Cisco Ucs C125 M5, Cisco Ucs C22 M3, Cisco Ucs C220 M3, Cisco Ucs C220 M4.

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Cisco	Unified Computing System	< 4.1\(2g\)
Cisco	Ucs C125 M5	-
Cisco	Ucs C22 M3	-
Cisco	Ucs C220 M3	-
Cisco	Ucs C220 M4	-
Cisco	Ucs C220 M5	-
Cisco	Ucs C225 M6	-
Cisco	Ucs C24 M3	-
Cisco	Ucs C240 M3	-
Cisco	Ucs C240 M5	-
Cisco	Ucs C240 Sd M5	-
Cisco	Ucs C245 M6	-
Cisco	Ucs C260 M2	-
Cisco	Ucs C3160	-
Cisco	Ucs C3260	-
Cisco	Ucs C420 M3	-
Cisco	Ucs C4200	-
Cisco	Ucs C460 M2	-
Cisco	Ucs C460 M4	-
Cisco	Ucs C480 M5	-

Related Weaknesses (CWE)

CWE-20

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory

FAQ

What is CVE-2021-34736?

CVE-2021-34736 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interfa...

How severe is CVE-2021-34736?

CVE-2021-34736 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34736?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System, Cisco Ucs C125 M5, Cisco Ucs C22 M3, Cisco Ucs C220 M3, Cisco Ucs C220 M4.