—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Denial of Service Vulnerability in CISCO products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

Cisco Crosswork Network Controller (CNC) version prior to 7.2

Cisco Network Services Orchestrator (NSO) versions prior to 6.5 and 6.4.1.3

Overview

A vulnerability has been reported in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected system.

Target Audience:

All IT administrators and individuals responsible for maintaining and updating Cisco products.

Risk Assessment:

High risk of service disruption and network management instability.

Impact Assessment:

Potential impact on availability of the affected systems and dependent network services.

Description

Cisco Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) are components of Ciscos Crosswork network automation portfolio, often working together to provide comprehensive, closed-loop automation.

This vulnerability exists due to an inadequate implementation of rate-limiting on incoming network connections in Cisco CNC and Cisco NSO. An attacker could exploit this vulnerability by sending a large number of connection requests to the targeted system.

Successful exploitation of this vulnerability could allow an attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a denial of service (DoS) condition for legitimate users.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc

Vendor Information

CISCO

https://www.cisco.com/site/us/en/products/index.html

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc

CVE Name

CVE-2026-20188

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoF4poACgkQ3jCgcSdc

ys8Mig//QR+ZclfnbTfIgrKK3ztrlQ94d2SxQT9+bUxk+ouhJuqlRr/KuATAHWet

mrqC9K6y41vQu42Jy+ZreX7ZtjYUdJwTVqlpp5tEnwaZc10chUgF1dOSz/0hRYNu

Sl9KBbBh8psTcJ1Idsi6SgML6yZ/JzIM6ZqlS4YMBW0PEgVi1gdiHbD9X3OHAJqx

Rb7apx9gFdA6E7k0/ff6N4lmeEndvrpmLoomsjr8k59O5p18+z5iO3UxV9nWgm9M

608wUbK8atQa0tRg77DzJXttYXBIOPm5sR157jpDQVDRLJ+Z1VTZ2Cs29qyZjS7Y

STv1GqX+dI7nG8r8MCaIVGb22lNvXXD4dKMR9P6IX/4uKEP17Db1M836BjM1x1qc

rxv669UEm0sWi6pPaotjvVTMMWHt5EFtdcB9ejZXL8LmnU1X+2x6UxG7wTCUDxdw

Z1vyBy1JUH+gSjb1EImkJ0njOWEr10WzAPaWTJPn/HXbkR5cic3pmxMafKpzJjB+

NJfG1LWyDNroBfe/vNgUU4+69ciyr6r/Sc0roxeiHiqY8kneYFU7jN0XPTsJnfsh

f7RSlQbGoDq1344FEojXHe/LBLyIwv71wJot54JpwMVFlEhkMViJMAuXo4t6LpO9

fOSEZY+PM2/QKInPmJHUm4rVNmaRmsYye3YE/tmKe3ek0HKy7JU=

=yZXw

—–END PGP SIGNATURE—–