Lucene search

CiscoCISCO-SA-HTTP-DOS-SVODKDBS

HistoryApr 13, 2022 - 4:00 p.m.

Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

2022-04-1316:00:00

tools.cisco.com

cisco

ios

software

web services

denial of service

vulnerability

http

server

code

update

advisory

april 2022

EPSS

0.001

Percentile

49.6%

JSON

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS”]

This advisory is part of the April 2022 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74561”]

Affected configurations

Vulners

Node

ciscoiosMatch15.2e

ciscoiosMatch15.9m

ciscoiosMatch15.1svr

ciscoiosMatch15.3jpj

ciscoiosMatch15.1svs

ciscoiosMatch15.1svt

ciscoiosMatch15.1svu

ciscoiosMatch15.1svv

ciscoiosMatchany

ciscocisco_ios_xe_softwareMatch3.11e

ciscocisco_ios_xe_softwareMatchany

ciscoiosMatch15.2\(7\)e3

ciscoiosMatch15.2\(7\)e4

ciscoiosMatch15.2\(7\)e3k

ciscoiosMatch15.2\(8\)e

ciscoiosMatch15.9\(3\)m2

ciscoiosMatch15.9\(3\)m3

ciscoiosMatch15.9\(3\)m2a

ciscoiosMatch15.9\(3\)m3a

ciscoiosMatch15.9\(3\)m4

ciscoiosMatch15.9\(3\)m3b

ciscoiosMatch15.1\(3\)svr1

ciscoiosMatch15.1\(3\)svr2

ciscoiosMatch15.1\(3\)svr3

ciscoiosMatch15.3\(3\)jpj8

ciscoiosMatch15.1\(3\)svs

ciscoiosMatch15.1\(3\)svs1

ciscoiosMatch15.1\(3\)svt1

ciscoiosMatch15.1\(3\)svt2

ciscoiosMatch15.1\(3\)svt3

ciscoiosMatch15.1\(3\)svu1

ciscoiosMatch15.1\(3\)svu10

ciscoiosMatch15.1\(3\)svu2

ciscoiosMatch15.1\(3\)svv1

ciscoiosMatchany

ciscocisco_ios_xe_softwareMatch3.11.3e

ciscocisco_ios_xe_softwareMatch3.11.4e

ciscocisco_ios_xe_softwareMatch3.11.3ae

ciscocisco_ios_xe_softwareMatchany

VendorProductVersionCPE
ciscoios15.2ecpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:*
ciscoios15.9mcpe:2.3:o:cisco:ios:15.9m:*:*:*:*:*:*:*
ciscoios15.1svrcpe:2.3:o:cisco:ios:15.1svr:*:*:*:*:*:*:*
ciscoios15.3jpjcpe:2.3:o:cisco:ios:15.3jpj:*:*:*:*:*:*:*
ciscoios15.1svscpe:2.3:o:cisco:ios:15.1svs:*:*:*:*:*:*:*
ciscoios15.1svtcpe:2.3:o:cisco:ios:15.1svt:*:*:*:*:*:*:*
ciscoios15.1svucpe:2.3:o:cisco:ios:15.1svu:*:*:*:*:*:*:*
ciscoios15.1svvcpe:2.3:o:cisco:ios:15.1svv:*:*:*:*:*:*:*
ciscoiosanycpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.11ecpe:2.3:a:cisco:cisco_ios_xe_software:3.11e:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.2e	cpe:2.3:o:cisco:ios:15.2e:::::::*
cisco	ios	15.9m	cpe:2.3:o:cisco:ios:15.9m:::::::*
cisco	ios	15.1svr	cpe:2.3:o:cisco:ios:15.1svr:::::::*
cisco	ios	15.3jpj	cpe:2.3:o:cisco:ios:15.3jpj:::::::*
cisco	ios	15.1svs	cpe:2.3:o:cisco:ios:15.1svs:::::::*
cisco	ios	15.1svt	cpe:2.3:o:cisco:ios:15.1svt:::::::*
cisco	ios	15.1svu	cpe:2.3:o:cisco:ios:15.1svu:::::::*
cisco	ios	15.1svv	cpe:2.3:o:cisco:ios:15.1svv:::::::*
cisco	ios	any	cpe:2.3:o:cisco:ios:any:::::::*
cisco	cisco_ios_xe_software	3.11e	cpe:2.3:a:cisco:cisco_ios_xe_software:3.11e:::::::*