N/A

A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806.

N/A

资源管理错误

Cisco Remote Expert Manager Software 安全漏洞

Cisco Remote Expert Manager Software是美国思科（Cisco）公司的的一款远程管理软件。该软件远程屏幕共享、屏幕注释和会话记录等协作功能。 Cisco Remote Expert Manager Software 11.0.0版本中的TCP连接处理功能存在拒绝服务漏洞。远程攻击者可通过发送特制的数据流利用该漏洞禁用TCP端口，造成拒绝服务。

N/A

N/A