A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack.
This vulnerability enables a novel distributed denial of service (DDoS) attack technique.
This vulnerability was assigned with CVE-2023-44487 and a severity rating of 7.5 (High).
In addition, this vulnerability has been known to be actively exploited by threat actors in the wild.
CVE-2023-44487: HTTP/2 Rapid Reset
A threat actor could exploit this vulnerability by using the HTTP/2 protocol-level weakness, resulting in a Distributed Denial of Service condition on vulnerable Cisco devices.
The HTTP/2 rapid reset is a layer 7 attack that leverages the high efficiency of the HTTP/2 protocol feature, diverting them into a DDoS attack.
A threat actor can make the client open multiple concurrent streams on a single TCP connection, each corresponding to one HTTP request.
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway
Affected Products
Network and Content Security Devices
| Product | Fixed Release Availability |
| Secure Dynamic Attribute Connector (CSDAC) | 2.2 (Nov 2023)2.3 (Nov 2023) |
| Secure Malware Analytics Appliance, formerly Threat Grid Appliance | 2.19.2 (Dec 2023) |
| Secure Web Appliance, formerly Web Security Appliance (WSA) | |
| Network Management and Provisioning | |
| Business Process Automation | 3.2.003.009 (Nov 2023)4.0.001.003 (Nov 2023)4.0.002.003 (Nov 2023) |
| Crosswork Data Gateway | 4.1.3 (Dec 2023)5.0.2 (Dec 2023)6.0 (Dec 2023) |
| Crosswork Situation Manager | Contact Cisco TAC for upgrade options |
| Crosswork Zero Touch Provisioning (ZTP) | 6.0.0 (Dec 2023) |
| Data Center Network Manager (DCNM) – SAN Deployments on Windows or Linux | Apply Workaround |
| IoT Field Network Director, formerly Connected Grid Network Management System | 4.11.0 (Dec 2023) |
| Prime Access Registrar | 9.3.3 (Feb 2024) |
| Prime Cable Provisioning | 7.2.1 (Nov 2023) |
| Prime Infrastructure | 3.10.4 (Dec 2023) |
| Prime Network Registrar | 11.2 (Available) |
| Routing and Switching – Enterprise and Service Provider | |
| IOS XE Software | |
| IOS XR Software | |
| IOx Fog Director | 1.22 (Nov 2023) |
| Nexus 3000 Series Switches | |
| Nexus 9000 Series Switches in standalone NX-OS mode | |
| Ultra Cloud Core – Access and Mobility Management Function | 2024.02.0 (May 2024) |
| Ultra Cloud Core – Policy Control Function | 2024.01.0 (Feb 2024) |
| Ultra Cloud Core – Session Management Function | |
| Voice and Unified Communications Devices | |
| Enterprise Chat and Email | Apply Microsoft Windows Update or Workaround |
| Unified Attendant Console Advanced | Apply Microsoft Windows Update or Workaround |
| Unified Contact Center Domain Manager (CCDM) | Apply Microsoft Windows Update or Workaround |
| Unified Contact Center Enterprise (UCCE) | Apply Microsoft Windows Update or Workaround |
| Unified Contact Center Enterprise – Live Data server | 12.6.2 (Nov 2023) |
| Unified Contact Center Express (UCCX) | |
| Unified Contact Center Management Portal (CCMP) | Apply Microsoft Windows Update or Workaround |
| Video, Streaming, TelePresence, and Transcoding Devices | |
| Expressway Series | X14.3.3 (Dec 2023) |
| TelePresence Video Communication Server (VCS) | X14.3.3 (Dec 2023) |
| Wireless | |
| Connected Mobile Experiences | 11.1 (Feb 2024) |
Cisco has released security patches to fix this vulnerability on all of its affected versions and has urged its users to upgrade them appropriately to prevent them from getting exploited by threat actors.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.