Cisco Content Service Switch performs soft reset when XML data is sent to web management interface

2002-05-22T00:00:00
ID VU:686939
Type cert
Reporter CERT
Modified 2002-05-30T14:37:00

Description

Overview

The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices.

Description

The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CSS device to make packet switching decisions based on packet contents (such as HTML tags) rather than relying solely upon packet header information.

The CSS 11000 series switch contains a vulnerability that causes the device to perform a soft reset when XML data is sent to its web management interface.


Impact

This vulnerability allows remote attackers to reboot affected devices, creating a denial-of-service condition.


Solution

Apply a patch from Cisco

Cisco has prepared a patch to address this vulnerability. For more information on affected products and obtaining patches, please see

http://www.cisco.com/warp/public/707/css-http-post-pub.shtml


Prevent access to the web management interface

Cisco customers who are unable to patch affected devices can limit the exploitation of this vulnerability by preventing access to the web management interface. This can be accomplished via the use of a firewall or by disabling the web management interface from an alternate management interface.


Vendor Information

686939

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Cisco Affected

Notified: May 15, 2002 Updated: May 23, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://www.cisco.com/warp/public/707/css-http-post-pub.shtml>
  • <http://www.securityfocus.com/bid/4748>

Acknowledgements

This document was written by Jeffrey P. Lanza based on information provided by Cisco Systems.

Other Information

CVE IDs: | CVE-2002-0792
---|---
Severity Metric: | 12.66
Date Public: | 2002-05-15
Date First Published: | 2002-05-22
Date Last Updated: | 2002-05-30 14:37 UTC
Document Revision: | 14