PT-2021-2453 · Cisco · Cisco IOS XE

Fabian Beck +2 · Published 2021-03-24 · Updated 2021-03-29 · CVE-2021-1356

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)
Description: The vulnerability is due to insufficient error handling in the web UI of Cisco IOS XE Software. An authenticated, remote attacker with read-only privileges could exploit it by sending crafted HTTP packets to an affected device. A successful exploit could cause the web UI software to become unresponsive and consume all available vty lines, preventing new sessions from being established and resulting in a denial of service (DoS) condition. Manual intervention would be required to regain web UI and vty session functionality. The console connection is not affected.
Recommendations: Cisco has released software updates that address this vulnerability; applying them is the recommended fix. Cisco states that there are no workarounds that address the vulnerability itself. Until the update is applied, exposure can be reduced by disabling the web UI or by restricting access to it.

Tags: Fix · DoS · Improper Handling of Exceptional Conditions · RCE

Related Identifiers

BDU:2021-01818
CVE-2021-1356

Affected Products

Cisco IOS XE