CVE-2023-20125

{"id": "CVE-2023-20125", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2024-11-15T15:15:05.347", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs", "source": "ykramarz@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition.\r\n\r\nThis vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable.\r\nNote: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz local de Cisco BroadWorks Network Server podr\u00eda permitir que un atacante remoto no autenticado agote los recursos del sistema, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad existe porque no se produce una limitaci\u00f3n de velocidad para determinadas conexiones TCP entrantes. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una alta tasa de conexiones TCP al servidor. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante hacer que los recursos de conexi\u00f3n TCP crezcan r\u00e1pidamente hasta que Cisco BroadWorks Network Server se vuelva inutilizable. Nota: Para recuperarse de esta vulnerabilidad, se debe reiniciar el software de Cisco BroadWorks Network Server o el nodo de Cisco BroadWorks Network Server. Para obtener m\u00e1s informaci\u00f3n, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "lastModified": "2024-11-18T17:11:56.587", "sourceIdentifier": "ykramarz@cisco.com"}