Cisco IOS XE Software Web UI Denial of Service Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

输入验证不恰当

Cisco IOS XE Software 输入验证错误漏洞

Cisco IOS XE Software是美国思科（Cisco）公司的一个操作系统。用于企业有线和无线访问，汇聚，核心和WAN的单一操作系统，Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在输入验证错误漏洞，该漏洞源于web UI中的错误处理不足。允许经过身份验证的、具有只读权限的远程攻击者可利用该漏洞导致web UI软件失去响应并消耗vty line实例，从而导致拒绝服务(DoS)条件。

N/A

N/A