CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
56.0%
A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow
an authenticated, remote attacker to cause MainApp to hang
intermittently because the authentication manager process creates a
denial of service (DoS) condition.
The vulnerability is due to improper handling of user tokens. An
attacker could exploit this vulnerability by sending a crafted
connection request to the Cisco IPS management interface.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must have authenticated access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | intrusion_prevention_system | any | cpe:2.3:a:cisco:intrusion_prevention_system:any:*:*:*:*:*:*:* |