Cisco Bug: CSCut62022 - Too many REST calls can cause DoS on the ACS

Last Modified

Aug 18, 2016

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.5(0.46.2)

Description (partial)

Symptom:
A vulnerability in the Representational State Transfer (REST) Application Programming Interface (API)
of the Access Control Server (ACS) could allow an unauthenticated, remote attacker to
cause the ACS to reject or not service a valid ACS REST API request.

The vulnerability is due to how the ACS REST API handles increased traffic load. An attacker could
exploit this vulnerability by using a distributed denial-of-service (DoS) traffic pattern to increase the
traffic load on the REST API of the ACS server. An exploit could allow the attacker to cause the
ACS REST API to reject or not service valid requests.

Conditions:
The ACS REST feature is enabled via the "acs config-web-interface rest enable" command.