US-CERT has warned that a vulnerability in Cisco's internet architecture gear could allow an unauthenticated, remote attacker to cause a denial of service condition for websites running on the architecture.
Cisco has released a patch for the issue, found in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers.
The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device. If successful, the Cisco IMC of the device may become unresponsive and cannot be restarted from the IOS command line interface or via IPMI. In turn, this would result in the administrator being unable to utilize the out-of-band features that the Cisco IMC provides, such as remote power-on/off, IP keyboard-video-mouse (KVM), remote media (vMedia), and serial console access. The operating system running on the blade would be unaffected.
The device may need to be physically restarted to restore the Cisco IMC functionality. Cisco said that the recovery of the Cisco IMC from such a state would likely require a restart of either the affected E-Series Server via physical interaction with the blade's power switch, or a restart of the ISR G2 router that the device is installed in.
A restart of the E-Series blades via the power switch will cause a loss of power to the operating system running on the device. A restart of the ISR G2 router will cause a loss of all traffic passing through the router while it restarts, as well as impacting the blade servers installed in the device. Cisco recommends utilizing an OS-provided remote access method to properly shut down the operating system to prevent potential corruption of the OS before performing any recovery action if available.
Both the SSH CLI and Web GUI services are enabled by default once the IP Address for the device has been configured either manually or via DHCP.
Successful exploitation of the vulnerability may cause the Cisco IMC of the affected blade server to become unresponsive.
If the Cisco IMC of a blade server is affected by this vulnerability, the OS or hypervisor running on the blade will remain unaffected. If a restart of the device is required to restore Cisco IMC functionality, Cisco recommends that administrators properly shut down the OS prior to taking any restoration actions if possible; power will be lost to both the Cisco IMC and OS running on the blade.