Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.
Metrics
Affected Vendors & Products
References
History
Sat, 09 Nov 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-03-24T20:15:56.475181Z
Updated: 2024-11-08T23:31:37.300Z
Reserved: 2020-11-13T00:00:00
Link: CVE-2021-1356
Vulnrichment
Updated: 2024-08-03T16:11:16.687Z
NVD
Status : Modified
Published: 2021-03-24T21:15:11.647
Modified: 2024-11-21T05:44:10.107
Link: CVE-2021-1356
Redhat
No data.