—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cisco IOS and IOS XE Software HTTP Server Denial of Service Vulnerability

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Cisco IOS XE Software

Cisco IOS Software

Overview

A vulnerability has been reported in HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device.

Successful exploitation of this vulnerability could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-dos-sbv8XRpL

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-dos-sbv8XRpL

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-dos-sbv8XRpL

CVE Name

CVE-2026-20125

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnOgrUACgkQ3jCgcSdc

ys+URhAAp5owsV18HQDQWDA02GwH+j9UeaILBfRvEggoLtbmaWsN7b6LNcXDJBbX

o0OCNNedoUzC8o0OuOaTstNKIS/uOR36lbKUQzuUJoacyK5ge5mcMihj5zCFhm+g

1u3yxwkSBXALo5EEq/fP/WM8xoq9K9HE/gvPCBeT0e5x4bgLqnTeAS6LiX43UEJy

WQaVlrEvvnIokxYaYEYowOCXx1HjhEqc4bTojSNPJhk70ipU6CmR8mW1/S+E4Cen

wwLdz79YHuz7qrHEIzsgk4d1YhiE60PEnsn4rDhWoEj0BpdeddcHtyeHYhfnT7/w

Dy5iyNh4Z/gpcXsVYSSf4aQtgZ6i1kNCkrPDClnGp6brDGL0IEBJQY8SdY+nIMBK

z0WlQJQeSRwDqEIPwSwrpQDbqWqDqw8BjMVzI/UuB6TocpUrCc9OBAPLajDtdhe+

v3AdMtC8RXyuWJatK2CjaBBcpqAYVSd60PMKhafwghC0o5WR3l8K7zggKamMFygk

sTRuAQN8hx0rDsw2s4eEFgAEFeEUDd778vFD85985xgwQ9llPHHgTqsJh6Qw9yL8

86u7ZEYYS+Hq4N0dod8PnEL0sR7BSdOMgYCiOlpQpHtXSIvjCJAErX4nclKMG/47

iva1C8yhmCguBg9qFIyviGez3eiY2Ku3FocbP+CC6qIuIuLy7pA=

=n9OM

—–END PGP SIGNATURE—–