Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023

cisco-sa-http2-reset-d8Kf32vZ · High · Published · Updated

On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service (DDoS) attack technique, was disclosed:

CVE-2023-44487: HTTP/2 Rapid Reset

For a description of this vulnerability, see the following publications:

How it works: The novel HTTP/2 'Rapid Reset' DDoS attack (Google)
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks (Cloudflare)
CVE-2023-44487 - HTTP/2 Rapid Reset Attack (AWS)

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ

Cisco advisory · CSAF JSON

Workarounds

For potential workarounds on a specific Cisco product, refer to the Cisco bug ID, available from the Cisco Bug Search Tool (https://bst.cloudapps.cisco.com/bugsearch).

CVEs: CVE-2023-44487
Cisco Bug IDs: NA
CVSS Score: Base 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Contact Center Enterprise, Cisco NX-OS Software, Cisco Secure Web Appliance, Cisco Prime Network Registrar, Cisco TelePresence Video Communication Server (VCS) Expressway, Cisco Evolved Programmable Network Manager (EPNM), Cisco Enterprise Chat and Email, Cisco Prime Cable Provisioning, Cisco Ultra Cloud Core - Session Management Function, Cisco WAE Automation, Cisco Operational Insights Collector

Related Products

Product | CVE | Evidence
Cisco WAE Automation | CVE-2023-44487 | Cisco OpenVuln
Cisco Unified Contact Center Enterprise | CVE-2023-44487 | Cisco OpenVuln
Cisco Unified Contact Center | CVE-2023-44487 | Cisco OpenVuln
Cisco Ultra Cloud Core - Session Management Function | CVE-2023-44487 | Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) Expressway | CVE-2023-44487 | Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) | CVE-2023-44487 | Cisco OpenVuln
Cisco TelePresence | CVE-2023-44487 | Cisco OpenVuln
Cisco Secure Web Appliance | CVE-2023-44487 | Cisco OpenVuln
Cisco Prime Network Registrar | CVE-2023-44487 | Cisco OpenVuln
Cisco Prime Network | CVE-2023-44487 | Cisco OpenVuln
Cisco Prime Cable Provisioning | CVE-2023-44487 | Cisco OpenVuln
Cisco Operational Insights Collector | CVE-2023-44487 | Cisco OpenVuln
Cisco NX-OS Software | CVE-2023-44487 | Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) | CVE-2023-44487 | Cisco OpenVuln
Cisco Enterprise Chat and Email | CVE-2023-44487 | Cisco OpenVuln