Lucene search

K
ciscoCiscoCISCO-SA-20151008-CPI
HistoryOct 08, 2015 - 9:30 p.m.

Cisco Prime Renegotiation Request Denial of Service Vulnerability

2015-10-0821:30:00
tools.cisco.com
16

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

48.6%

A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL requests to a targeted system. A successful exploit could cause the system to become unresponsive, resulting in a DoS condition.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-cpi[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-cpi”]

Affected configurations

Vulners
Node
ciscoprime_infrastructureMatchany
OR
ciscoprime_infrastructureMatchany
VendorProductVersionCPE
ciscoprime_infrastructureanycpe:2.3:a:cisco:prime_infrastructure:any:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

48.6%

Related for CISCO-SA-20151008-CPI