Vulnslist

find the latest Cisco vulnerabilities

Cisco Elastic Services Controller Denial of Service Vulnerability

cisco-sa-esc-dos-4Gw6D527 · Medium · Published · Updated

A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for the maximum number of TCP connections and SYN backlog. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to block TCP listening ports that are used by the health monitor API. This vulnerability only affects customers who use the health monitor API. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esc-dos-4Gw6D527

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2021-1312
Cisco Bug IDsCSCvv69484
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco Elastic Services Controller

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Elastic Services Controller known_affected cisco_csaf CVE-2021-1312 1

Related Products

Product CVE Evidence
Cisco Elastic Services Controller CVE-2021-1312 Cisco OpenVuln