Severity
Medium
Analysis Summary
CVE-2021-40122
Cisco Meeting Server is vulnerable to a denial of service, caused by improper handling of large series of message requests. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause the device to reload, dropping all ongoing calls and results in a denial of service condition.
CVE-2021-34736
Cisco Integrated Management Controller (IMC) Software is vulnerable to a denial of service, caused by improper input validation by the web-based management interface. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the interface to restart, and results in a denial of service condition.
CVE-2021-40123
Cisco Identity Services Engine could allow a remote authenticated attacker to obtain sensitive information, caused by an incorrect permissions settings flaw. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to download restricted files, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Disclosure
Affected Vendors
Cisco
Affected Products
- Cisco Meeting Server
- Cisco Integrated Management Controller
- Cisco UCS C-Series Rack Servers in standalone mode
- Cisco UCS S-Series Storage Servers in standalone mode
- Cisco Identity Services Engine (ISE)
Remediation
Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.
CVE-2021-40122
CVE-2021-34736
CVE-2021-40123