Cisco IOS and IOS XE HTTP Server Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E. This vulnerability allows an authenticated, remote attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The issue arises from improper validation of user-supplied input, enabling attackers to send malformed HTTP requests that cause a watchdog timer to expire, forcing the device to reload.

Impact

Exploitation of this vulnerability causes the device to reload unexpectedly, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on upgrading to a fixed software release, consult the Cisco Security Vulnerability Policy or contact the Cisco Technical Assistance Center (TAC).

Added: Mar 25, 2026, 4:22 PM
Updated: Mar 25, 2026, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.