CVE-2021-1220

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is due to insufficient error handling in the web UI of Cisco IOS XE Software, allowing an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note that these vulnerabilities do not affect the console connection.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.