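Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the TCP throttling process of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually causing the device to restart, i.e. memory exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on the targeted device. Exploiting this vulnerability could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition ends once the device has completed the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND 4.0; IoT Field Network Director, if running a software release prior to IoT-FND 4.0. Cisco bug ID: CSCvc77164.
CVSS Information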
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164.
CVSS Information
N/A
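Vulnerability Type
Resource Management Error
Vulnerability Title
Cisco IoT Field Network Director Resource Management Error Vulnerability
Vulnerability Description
Cisco IoT Field Network Director (IoT-FND) is an end-to-end Internet of Things management system from Cisco (USA). The system provides device management, asset tracking, and smart metering functions. A denial-of-service vulnerability exists in the TCP throttling process of Cisco IoT-FND versions prior to 4.0. It stems from the program not adequately enforcing rate-limiting protection. A remote attacker could exploit this vulnerability by sending a high rate of TCP packets to consume excess memory, causing the device to restart and resulting in a denial of service.
CVSS Information
N/A
Vulnerability Type
Resource Management Error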