Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO). This issue allows an unauthenticated, remote attacker to disrupt service on affected systems by exploiting inadequate rate-limiting on incoming network connections. By sending a high volume of connection requests, an attacker can exhaust available connection resources, causing the applications to become unresponsive. This disruption affects legitimate users and dependent services, with a manual reboot required to restore normal functionality.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the affected system to become unresponsive and disrupting service for legitimate users and dependent services.

Remediation

Cisco has released software updates to address this vulnerability. For Cisco CNC versions 7.1 and earlier, users should migrate to a fixed release. For Cisco NSO versions 6.3 and earlier, users should also migrate to a fixed release. Cisco NSO version 6.4.1.3 is available for users on version 6.4. For guidance on upgrading, consult the Cisco Security Vulnerability Policy.

Added: May 6, 2026, 6:43 PM
Updated: May 6, 2026, 6:43 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.