CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
90.2%
The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices.
The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CSS device to make packet switching decisions based on packet contents (such as HTML tags) rather than relying solely upon packet header information.
The CSS 11000 series switch contains a vulnerability that causes the device to reboot when an HTTPS POST request is sent to its web management interface. Please note that this vulnerability can be exploited by unauthenticated attackers.
This vulnerability allows arbitrary remote attackers to reboot affected devices, creating a denial-of-service condition.
Apply a patch from Cisco
Cisco has prepared a patch to address this vulnerability. For more information on affected products and obtaining patches, please see
http://www.cisco.com/warp/public/707/css-http-post-pub.shtml
Prevent access to the web management interface
Cisco customers who are unable to patch affected devices can limit the exploitation of this vulnerability by preventing access to the web management interface. This can be accomplished via the use of a firewall or by disabling the web management interface from an alternate management interface.
330275
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 15, 2002 Updated: May 23, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23330275 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Jeffrey P. Lanza based on information provided by Cisco Systems.
CVE IDs: | CVE-2002-0792 |
---|---|
Severity Metric: | 16.88 Date Public: |