CVE-2024-20344 in Unified Computing Systeminfo

Summary

by MITRE • 02/29/2024

A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.

This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 08/13/2025

The vulnerability identified as CVE-2024-20344 represents a critical weakness in the resource management mechanisms of Cisco UCS 6400 and 6500 Series Fabric Interconnects operating in Intersight Managed Mode. This flaw specifically targets the Device Console UI component, which serves as a primary interface for system administration and monitoring. The vulnerability stems from inadequate rate-limiting controls that govern incoming TCP connections to the console interface, creating an exploitable condition that can be leveraged by remote attackers without requiring authentication credentials. The affected devices are commonly deployed in enterprise data centers and cloud infrastructure environments where uninterrupted access to fabric interconnects is essential for maintaining network operations and system availability.

The technical exploitation of this vulnerability occurs through a straightforward yet effective method involving the flooding of TCP packets directed toward the Device Console UI service. Attackers can overwhelm the system's connection handling capabilities by establishing a high volume of TCP connections, bypassing normal authentication mechanisms and leveraging the insufficient rate-limiting controls. This connection flooding technique specifically targets the console UI process, which is responsible for managing administrative access and system monitoring functions. When the system's TCP connection handling capacity is exceeded, the Device Console UI process becomes overwhelmed and subsequently crashes, leading to a complete denial of service condition that renders the administrative interface inaccessible to legitimate users and administrators.

The operational impact of this vulnerability extends beyond simple service disruption, as it fundamentally compromises the availability of critical system management functions within the fabric interconnect infrastructure. Organizations relying on these devices for network management and monitoring operations face significant risks when this vulnerability is exploited, as the DoS condition requires manual intervention to restore full functionality. The need for a manual reload of the fabric interconnect represents a substantial operational overhead, particularly in mission-critical environments where downtime can result in service interruptions, reduced network performance, and potential business disruption. This vulnerability directly impacts the availability aspect of the CIA triad and can be classified under the Common Weakness Enumeration category CWE-400, which encompasses weaknesses related to resource exhaustion and insufficient rate limiting.

The exploitation of this vulnerability aligns with techniques described in the MITRE ATT&CK framework under the T1499 category, specifically targeting network denial of service conditions through resource exhaustion attacks. This attack pattern is particularly concerning for enterprise environments as it demonstrates how relatively simple network-based attacks can cause significant operational disruption without requiring advanced technical skills or privileged access. The vulnerability's impact is amplified in cloud and hybrid environments where fabric interconnects serve as critical components of the underlying infrastructure, making them attractive targets for adversaries seeking to disrupt business operations. Organizations should consider implementing network-level protections such as firewall rules and connection rate limiting to mitigate the risk of exploitation while applying official Cisco security advisories and patches to address the root cause of the vulnerability. The affected devices require immediate attention through patch management procedures to ensure that the rate-limiting controls are properly implemented and that the system can handle legitimate connection requests without being overwhelmed by malicious traffic patterns.

Reservation

11/08/2023

Disclosure

02/29/2024

Moderation

accepted

CPE

ready

EPSS

0.00826

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!