Monday, March 17, 2025
HomeCiscoCisco Patched Products Vulnerable to HTTP/2 Rapid Reset Attack

Cisco Patched Products Vulnerable to HTTP/2 Rapid Reset Attack

Published on

SIEM as a Service

Follow Us on Google News

A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack.

This vulnerability enables a novel distributed denial of service (DDoS) attack technique.

This vulnerability was assigned with CVE-2023-44487 and a severity rating of 7.5 (High).

In addition, this vulnerability has been known to be actively exploited by threat actors in the wild. 

CVE-2023-44487: HTTP/2 Rapid Reset

A threat actor could exploit this vulnerability by using the HTTP/2 protocol-level weakness, resulting in a Distributed Denial of Service condition on vulnerable Cisco devices.

The HTTP/2 rapid reset is a layer 7 attack that leverages the high efficiency of the HTTP/2 protocol feature, diverting them into a DDoS attack. 

A threat actor can make the client open multiple concurrent streams on a single TCP connection, each corresponding to one HTTP request.

Document
Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Affected Products

Network and Content Security Devices

ProductFixed Release Availability
Secure Dynamic Attribute Connector (CSDAC)2.2 (Nov 2023)2.3 (Nov 2023)
Secure Malware Analytics Appliance, formerly Threat Grid Appliance2.19.2 (Dec 2023)
Secure Web Appliance, formerly Web Security Appliance (WSA)
Network Management and Provisioning
Business Process Automation3.2.003.009 (Nov 2023)4.0.001.003 (Nov 2023)4.0.002.003 (Nov 2023)
Crosswork Data Gateway4.1.3 (Dec 2023)5.0.2 (Dec 2023)6.0 (Dec 2023)
Crosswork Situation ManagerContact Cisco TAC for upgrade options
Crosswork Zero Touch Provisioning (ZTP)6.0.0 (Dec 2023)
Data Center Network Manager (DCNM) – SAN Deployments on Windows or LinuxApply Workaround
IoT Field Network Director, formerly Connected Grid Network Management System4.11.0 (Dec 2023)
Prime Access Registrar9.3.3 (Feb 2024)
Prime Cable Provisioning7.2.1 (Nov 2023)
Prime Infrastructure3.10.4 (Dec 2023)
Prime Network Registrar11.2 (Available)
Routing and Switching – Enterprise and Service Provider
IOS XE Software
IOS XR Software
IOx Fog Director1.22 (Nov 2023)
Nexus 3000 Series Switches
Nexus 9000 Series Switches in standalone NX-OS mode
Ultra Cloud Core – Access and Mobility Management Function2024.02.0 (May 2024)
Ultra Cloud Core – Policy Control Function2024.01.0 (Feb 2024)
Ultra Cloud Core – Session Management Function
Voice and Unified Communications Devices
Enterprise Chat and EmailApply Microsoft Windows Update or Workaround
Unified Attendant Console AdvancedApply Microsoft Windows Update or Workaround
Unified Contact Center Domain Manager (CCDM)Apply Microsoft Windows Update or Workaround
Unified Contact Center Enterprise (UCCE)Apply Microsoft Windows Update or Workaround
Unified Contact Center Enterprise – Live Data server12.6.2 (Nov 2023)
Unified Contact Center Express (UCCX)
Unified Contact Center Management Portal (CCMP)Apply Microsoft Windows Update or Workaround
Video, Streaming, TelePresence, and Transcoding Devices
Expressway SeriesX14.3.3 (Dec 2023)
TelePresence Video Communication Server (VCS)X14.3.3 (Dec 2023)
Wireless
Connected Mobile Experiences11.1 (Feb 2024)

Cisco has released security patches to fix this vulnerability on all of its affected versions and has urged its users to upgrade them appropriately to prevent them from getting exploited by threat actors.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kentico Xperience CMS Vulnerability Enables Remote Code Execution

In recent security research, vulnerabilities in the Kentico Xperience CMS have come to light,...

Wazuh SIEM Vulnerability Enables Remote Malicious Code Execution

A critical vulnerability, identified as CVE-2025-24016, has been discovered in the Wazuh Security Information...

Espressif Systems Flaws Allow Hackers to Execute Arbitrary Code

A series of vulnerabilities has been discovered in Espressif Systems' ESP32 devices, specifically affecting...

AI Operator Agents Helping Hackers Generate Malicious Code

Symantec's Threat Hunter Team has demonstrated how AI agents like OpenAI's Operator can now...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Kentico Xperience CMS Vulnerability Enables Remote Code Execution

In recent security research, vulnerabilities in the Kentico Xperience CMS have come to light,...

Wazuh SIEM Vulnerability Enables Remote Malicious Code Execution

A critical vulnerability, identified as CVE-2025-24016, has been discovered in the Wazuh Security Information...

Espressif Systems Flaws Allow Hackers to Execute Arbitrary Code

A series of vulnerabilities has been discovered in Espressif Systems' ESP32 devices, specifically affecting...