漏洞标题
Cisco IOS XE软件文件系统耗尽拒绝服务漏洞
漏洞描述信息
Cisco IOS XE软件文件系统的资源管理代码中存在一个漏洞,未经身份验证的远程攻击者可能利用该漏洞耗尽受影响设备的文件系统资源,导致拒绝服务(DoS)状况。此漏洞是由于对底层文件系统资源的管理不力造成的。攻击者可以通过执行导致消息被发送到特定操作系统日志文件的特定操作来利用此漏洞。成功的利用可能导致攻击者耗尽受影响设备上可用的文件系统空间。这可能导致设备崩溃并重新加载,从而导致设备上的网络流量转发客户的DoS状况。设备重新加载后,受影响的文件系统空间将被清除,设备将恢复正常使用。但是,继续利用此漏洞可能会导致后续的强制崩溃和重新加载,从而导致DoS状况延长。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
漏洞描述信息
A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition.
CVSS信息
N/A
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
Cisco IOS XE 资源管理错误漏洞
漏洞描述信息
Cisco IOS XE是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XE中的文件系统资源管理代码存在资源管理错误漏洞,该漏洞源于程序没有有效地管理底层文件系统资源。远程攻击者可利用该漏洞耗尽文件系统资源,进而造成拒绝服务。
CVSS信息
N/A
漏洞类别
其他