Design/Logic Flaw

2021-03-2421:15:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.

CPENameOperatorVersion
ios_xeeq16.12.1
ios_xeeq16.11.1
ios_xeeq17.1.1
ios_xeeq16.11.197
ios_xeeq16.12.199
ios_xeeq16.12.1116
ios_xeeq16.11.2
ios_xeeq16.12.1115
ios_xeeq16.12.197
ios_xeeq16.12.1120

Name	Operator	Version
ios_xe	eq	16.12.1
ios_xe	eq	16.11.1
ios_xe	eq	17.1.1
ios_xe	eq	16.11.197
ios_xe	eq	16.12.199
ios_xe	eq	16.12.1116
ios_xe	eq	16.11.2
ios_xe	eq	16.12.1115
ios_xe	eq	16.12.197
ios_xe	eq	16.12.1120