製品・ソフトウェアに関する情報

JVN脆弱性詳細

C-Series サーバ上で稼動する Cisco Unified Computing System の Integrated Management Controller におけるアクセス制限を回避される脆弱性

Title	C-Series サーバ上で稼動する Cisco Unified Computing System の Integrated Management Controller におけるアクセス制限を回避される脆弱性
Summary	C-Series サーバ上で稼動する Cisco Unified Computing System (UCS) の Integrated Management Controller (IMC) には、アクセス制限を回避される脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCuf52876 として公開しています。
Possible impacts	第三者により、ローカルネットワークに巧妙に細工された DHCP レスポンスパケットを送信されることで、アクセス制限を回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 25, 2015, midnight
Registration Date	Feb. 27, 2015, 3:29 p.m.
Last Update	Feb. 27, 2015, 3:29 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:A/AC:L/Au:N/C:N/I:P/A:C

Affected System

シスコシステムズ

Cisco C200-M1

Cisco C200-M2

Cisco C210-M2

Cisco C22-M3

Cisco C220-M3

Cisco C220-M4

Cisco C24-M3

Cisco C240-M3

Cisco C240-M4

Cisco C250-M1

Cisco C250-M2

Cisco C260-M2

Cisco C3160

Cisco C420-M2

Cisco C420-M3

Cisco C460-M1

Cisco C460-M2

Cisco C460-M4

Cisco Unified Computing System ソフトウェア 1.4(7h) およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-0633	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0633
National Vulnerability Database (NVD)
2	CVE-2015-0633	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0633

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Cisco Security Notice
1	Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633
Vulnerability Alert
2	37575	http://tools.cisco.com/security/center/viewAlert.x?alertId=37575

Change Log

No	Changed Details	Date of change
0	[2015年02月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-0633

Summary	The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.
Publication Date	Feb. 26, 2015, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:44 p.m.
Last Update	Nov. 21, 2024, 11:23 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_computing_system:1.4:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(1c\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(2\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3c\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3c\)2:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3j\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3k\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3p\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3p\)5:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3s\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(4a\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(4a\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5b\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5e\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5g\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5g\)2:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5h\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5j\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(6c\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(6d\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(7b\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(7c\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(7h\):::::::*
execution environment
1	cpe:2.3:h:cisco:c200_m1::::::::
2	cpe:2.3:h:cisco:c200_m2::::::::
3	cpe:2.3:h:cisco:c210_m2::::::::
4	cpe:2.3:h:cisco:c22_m3::::::::
5	cpe:2.3:h:cisco:c220_m3::::::::
6	cpe:2.3:h:cisco:c220_m4::::::::
7	cpe:2.3:h:cisco:c24_m3::::::::
8	cpe:2.3:h:cisco:c240_m3::::::::
9	cpe:2.3:h:cisco:c240_m4::::::::
10	cpe:2.3:h:cisco:c250_m1::::::::
11	cpe:2.3:h:cisco:c250_m2::::::::
12	cpe:2.3:h:cisco:c260_m2::::::::
13	cpe:2.3:h:cisco:c3160::::::::
14	cpe:2.3:h:cisco:c420_m2::::::::
15	cpe:2.3:h:cisco:c420_m3::::::::
16	cpe:2.3:h:cisco:c460_m1::::::::
17	cpe:2.3:h:cisco:c460_m2::::::::
18	cpe:2.3:h:cisco:c460_m4::::::::

Related information, measures and tools

No	URL	タグ
1	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633	Vendor Advisory
2	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633	Vendor Advisory
3	http://tools.cisco.com/security/center/viewAlert.x?alertId=37575	Vendor Advisory
4	http://tools.cisco.com/security/center/viewAlert.x?alertId=37575	Vendor Advisory
5	http://www.securityfocus.com/bid/72760
6	http://www.securityfocus.com/bid/72760
7	http://www.securityfocus.com/bid/85711
8	http://www.securityfocus.com/bid/85711
9	http://www.securitytracker.com/id/1031796
10	http://www.securitytracker.com/id/1031796

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_computing_system:1.4:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(1c\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(2\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3c\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3c\)2:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3j\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3k\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3p\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3p\)5:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(3s\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(4a\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(4a\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5b\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5e\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5g\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5g\)2:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5h\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(5j\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(6c\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(6d\):::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(7b\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(7c\)1:::::::*
cpe:2.3:a:cisco:unified_computing_system:1.4\(7h\):::::::*
execution environment
1	cpe:2.3:h:cisco:c200_m1::::::::
2	cpe:2.3:h:cisco:c200_m2::::::::
3	cpe:2.3:h:cisco:c210_m2::::::::
4	cpe:2.3:h:cisco:c22_m3::::::::
5	cpe:2.3:h:cisco:c220_m3::::::::
6	cpe:2.3:h:cisco:c220_m4::::::::
7	cpe:2.3:h:cisco:c24_m3::::::::
8	cpe:2.3:h:cisco:c240_m3::::::::
9	cpe:2.3:h:cisco:c240_m4::::::::
10	cpe:2.3:h:cisco:c250_m1::::::::
11	cpe:2.3:h:cisco:c250_m2::::::::
12	cpe:2.3:h:cisco:c260_m2::::::::
13	cpe:2.3:h:cisco:c3160::::::::
14	cpe:2.3:h:cisco:c420_m2::::::::
15	cpe:2.3:h:cisco:c420_m3::::::::
16	cpe:2.3:h:cisco:c460_m1::::::::
17	cpe:2.3:h:cisco:c460_m2::::::::
18	cpe:2.3:h:cisco:c460_m4::::::::