CVE-2020-3504

Name of the Vulnerable Software and Affected Versions: Cisco UCS 6400 Series Fabric Interconnects (affected versions not specified) Cisco UCS Manager Software (affected versions not specified)

Description: The issue is related to the improper handling of CLI command parameters in the local management component of the software. This could allow an authenticated, local attacker to cause a denial of service condition on an affected device. An attacker could exploit this by executing specific commands on the local-mgmt CLI, potentially causing internal system processes to fail to terminate properly. This could lead to a buildup of stuck processes, resulting in slowness when accessing the UCS Manager CLI and web UI. A sustained attack may cause a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.

Recommendations: For Cisco UCS 6400 Series Fabric Interconnects, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco UCS Manager Software, at the moment, there is no information about a newer version that contains a fix for this vulnerability.