Overview
The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices.
Description
The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CSS device to make packet switching decisions based on packet contents (such as HTML tags) rather than relying solely upon packet header information. The CSS 11000 series switch contains a vulnerability that causes the device to perform a soft reset when XML data is sent to its web management interface. |
Impact
This vulnerability allows remote attackers to reboot affected devices, creating a denial-of-service condition. |
Solution
Apply a patch from Cisco |
Prevent access to the web management interface
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This document was written by Jeffrey P. Lanza based on information provided by Cisco Systems.
Other Information
CVE IDs: | CVE-2002-0792 |
Severity Metric: | 12.66 |
Date Public: | 2002-05-15 |
Date First Published: | 2002-05-22 |
Date Last Updated: | 2002-05-30 14:37 UTC |
Document Revision: | 14 |