CVE-2021-1266
MEDIUMCisco Managed Services Accelerator < 3.10.0 - Authenticated Denial of Service via REST API Request Flood
Title source: llmDescription
A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-msx-dos-4j7sytvU
Scores
CVSS v3
4.3
EPSS
0.0037
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
cisco/managed_services_accelerator
< 3.10.0
Published
Feb 04, 2021
Tracked Since
Feb 18, 2026