Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability
Summary
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, th…
- Scope: This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS Software or IOS XE Software Release 3E and they have the HTTP Server feature enabled with an active WEB_EXEC module.
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.