Cisco IOS
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the web user interface of Cisco IOS Software running on Industrial Ethernet Switches. This issue allows an authenticated, remote attacker with low privileges to cause the affected device to reload, creating a DoS condition. The vulnerability arises from improper input validation, enabling attackers to send crafted URLs in HTTP requests that trigger the device to reload.
Exploitation of this vulnerability causes the affected device to reload, leading to a denial-of-service condition.
Cisco has released software updates to address this vulnerability. To determine the appropriate update, users can consult the Cisco Software Checker tool, which identifies fixed software releases. For devices running the vulnerable software, the HTTP Server feature can be disabled as a temporary mitigation until an upgrade is applied.
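The interim mitigation can be checked from a saved running configuration. The following is an added example, not Cisco's tooling or part of the original advisory text. It assumes the HTTP Server feature is controlled by the IOS global commands `ip http server` and `ip http secure-server`, and that a config naming neither leaves the state unknown because defaults vary by platform and release. The sample configs are constructed.

```python
# The two IOS global-config commands assumed to control the web UI listeners.
SERVICES = {"http": "ip http server", "https": "ip http secure-server"}

def http_server_state(running_config: str) -> dict:
    """Map each listener to 'enabled', 'disabled' or 'unspecified'."""
    state = {name: "unspecified" for name in SERVICES}
    for raw in running_config.splitlines():
        line = " ".join(raw.split())  # normalise spacing; exact match only
        for name, cmd in SERVICES.items():
            if line == cmd:
                state[name] = "enabled"
            elif line == "no " + cmd:
                state[name] = "disabled"
    return state

def mitigation_applied(running_config: str) -> bool:
    """True only when both listeners are explicitly disabled."""
    return all(v == "disabled" for v in http_server_state(running_config).values())

# Constructed sample: web UI reachable over HTTP and HTTPS.
SAMPLE_EXPOSED = """\
hostname ie-switch-01
ip http server
ip http authentication local
ip http secure-server
"""

# Constructed sample: HTTP Server feature disabled as the interim mitigation.
SAMPLE_MITIGATED = """\
hostname ie-switch-02
no ip http server
no ip http secure-server
"""

# Constructed sample: HTTP off, HTTPS not mentioned, so the result is not a pass.
SAMPLE_PARTIAL = """\
hostname ie-switch-03
no ip http server
ip http authentication local
"""

if __name__ == "__main__":
    for cfg in (SAMPLE_EXPOSED, SAMPLE_MITIGATED, SAMPLE_PARTIAL):
        print(http_server_state(cfg), "mitigated:", mitigation_applied(cfg))
```

A device reported as `unspecified` should be confirmed on the switch itself rather than assumed safe.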