CVE-2019-1718
Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1.
Una vulnerabilidad en la interfaz web de Identity Services Engine (ISE) de Cisco, podría permitir que un atacante remoto no identificado desencadene un alto uso de la CPU, lo que resulta en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a un manejo inapropiado de las peticiones de renegociación Secure Sockets Layer (SSL). Un atacante podría explotar esta vulnerabilidad enviando peticiones de renegociación a una tasa alta. Una explotación con éxito podría aumentar el uso de recursos en el sistema, lo que eventualmente conllevaría a una condición DoS. Esta vulnerabilidad afecta a la versión 2.1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-06 CVE Reserved
- 2019-04-17 CVE Published
- 2024-09-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/108030 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.1\(0.907\) Search vendor "Cisco" for product "Identity Services Engine" and version "2.1\(0.907\)" | - |
Affected
|