A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote…
cisco·CWE-228·Published 2026-03-25
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker must have a valid user account.
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker must have a valid user account.
Una vulnerabilidad en la característica de servidor HTTP de Cisco IOS Software y Cisco IOS XE Software Release 3E podría permitir a un atacante remoto autenticado causar que un dispositivo afectado se recargue inesperadamente, lo que resultaría en una condición de denegación de servicio (DoS). Esta vulnerabilidad se debe a una validación incorrecta de la entrada proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad enviando solicitudes HTTP malformadas a un dispositivo afectado. Un exploit exitoso podría permitir al atacante causar que un temporizador watchdog expire y que el dispositivo se recargue, lo que resultaría en una condición de DoS. Para explotar esta vulnerabilidad, el atacante debe tener una cuenta de usuario válida.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 7.7 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| 3.1 | Primary | NVD | 7.7 | 3.1 | 4.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| 3.1 | Primary | cve.org | 7.7 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |