CVE-2021-1350: Allocation of Resources Without Limits or Throttling in Cisco Umbrella Insights Virtual Appliance

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.4% (top 42.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 20; latest update May 24

Description

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-28r8-9g34-2x25: A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service (2022-05-24)
CVEList: Cisco Umbrella Dashboard Packet Flood Vulnerability (2021-01-20)

📋 Vendor Advisories (1)

Cisco: Cisco Umbrella Dashboard Packet Flood Vulnerability (2021-01-20)

🕵️ Threat Intelligence (2)

Talos: Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD (2021-11-17)
Talos: Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD (2021-11-17)