A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS
This advisory is part of the April 2022 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74561).
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios | 15.2e | cpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:* |
cisco | ios | 15.9m | cpe:2.3:o:cisco:ios:15.9m:*:*:*:*:*:*:* |
cisco | ios | 15.1svr | cpe:2.3:o:cisco:ios:15.1svr:*:*:*:*:*:*:* |
cisco | ios | 15.3jpj | cpe:2.3:o:cisco:ios:15.3jpj:*:*:*:*:*:*:* |
cisco | ios | 15.1svs | cpe:2.3:o:cisco:ios:15.1svs:*:*:*:*:*:*:* |
cisco | ios | 15.1svt | cpe:2.3:o:cisco:ios:15.1svt:*:*:*:*:*:*:* |
cisco | ios | 15.1svu | cpe:2.3:o:cisco:ios:15.1svu:*:*:*:*:*:*:* |
cisco | ios | 15.1svv | cpe:2.3:o:cisco:ios:15.1svv:*:*:*:*:*:*:* |
cisco | ios | any | cpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 3.11e | cpe:2.3:a:cisco:cisco_ios_xe_software:3.11e:*:*:*:*:*:*:* |