CVE-2024-20344

Name of the Vulnerable Software and Affected Versions Cisco UCS 6400 and 6500 Series Fabric Interconnects (affected versions not specified)

Description The issue is related to insufficient rate-limiting of TCP connections, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This can be achieved by sending a high number of TCP packets to the Device Console UI, potentially causing the process to crash. A manual reload of the fabric interconnect is needed to restore complete functionality.

Recommendations For Cisco UCS 6400 and 6500 Series Fabric Interconnects in Intersight Managed Mode (IMM), consider implementing rate-limiting measures for TCP connections to the Device Console UI to prevent exploitation. As a temporary workaround, restrict access to the Device Console UI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.