A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.

| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Crosswork Network Change Automation | 3.0.0, 1.0.0, 2.0.2, 4.0.0, 4.1.0, 4.5.0, 5.0.0, 4.5.1, 4.5.2, 5.0.2, 4.1.3, 6.0.0, 7.0.0, 4.1.4, 5.0.4, 7.1.0, 7.0.3, 7.1.3, 5.7, 5.7.1, 5.7.1.1, 5.7.2, 5.7.2.1, 5.7.3, 5.8, 5.6.6.1, 5.7.5.1, 5.6.7.1, 5.6.7, 5.8.1, 5.6.6, 5.8.2.1, 5.7.5, 5.7.4, 5.8.2, 5.6.7.2, 5.7.6, 5.7.6.1, 5.8.3, 5.6.8, 5.7.6.2, 5.8.4, 5.7.7, 5.6.9, 5.6.8.1, 5.8.5, 5.7.8, 6.0, 5.7.8.1, 6.0.1, 5.6.10, 5.8.6, 6.0.1.1, 6.0.2, 5.7.9, 5.6.11, 5.8.7, 6.0.3, 5.7.10, 5.6.12, 5.8.8, 6.0.4, 5.7.10.1, 6.1, 5.7.6.3, 5.7.11, 6.0.5, 5.6.13, 5.8.9, 6.1.1, 5.7.10.2, 6.0.6, 5.7.12, 5.6.14, 5.8.10, 6.0.7, 5.7.13, 5.8.11, 6.0.8, 5.6.14.1, 5.8.12, 6.0.9, 5.8.13, 5.7.14, 6.0.10, 6.0.11, 5.7.15, 6.0.12, 5.7.9.1, 5.7.15.1, 6.0.13, 5.6.14.3, 5.8.13.1, 5.7.16, 5.7.17, 5.7.17.1, 5.7.18, 5.7.19, 5.7.19.1, 6.3, 6.4, 6.4.1.3, 6.5, 7.1 |

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| cis | cisco network services orchestrator | mitre_affected | 90% |

Updated description with more technical detail, added affected versions 6.3, 6.4, 6.4.1.3, 6.5, and specified patch available as version 7.2.

Initial creation