Title: Cisco Content Service Switch Long Filename Denial of Service Vulnerability
Severity: MODERATE
Description:
The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerece and Web Content delivery using the Cisco Web Network Services (Web NS). The CSS switch is distributed by Cisco Systems.
A problem in the CSS could allow a local user to deny service to legitimate users. The problem occurs in the handling of input by local users. A user must have access to the switch command line interface prior to launching an attack, but not have administrative privileges. Upon connecting to a non-privileged account, a user can locally execute a command on the switch which requires a file name as an argument. Upon specifying a filename that is the maximum size of the filename buffer, the switch reboots and starts system checks.
This vulnerability makes it possible for a user with malicious intentions to connect to a switch granting sufficient privileges, and execute a command that could deny service to legitimate network users. This vulnerability affects CSS switches 11050, 11150, and 11800.
Affected Products:
- Cisco CSS11000 Content Services Switch
- Cisco CSS11050 Content Services Switch
- Cisco CSS11150 Content Services Switch
- Cisco CSS11501 Content Services Switch
- Cisco CSS11503 Content Services Switch
- Cisco CSS11506 Content Services Switch
- Cisco CSS11800 Content Services Switch
- Cisco WebNS 3.0.0
- Cisco WebNS 4.0.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
