Detections
Analytics
Cisco Products Uncontrolled Resource Consumption (CVE-2023-44487)
high Tenable OT Security Plugin ID 502811
Synopsis
The remote OT asset is affected by a vulnerability.Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://news.ycombinator.com/item?id=37831062
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/alibaba/tengine/issues/1872
https://github.com/nghttp2/nghttp2/pull/1961
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/caddyserver/caddy/issues/5877
https://github.com/haproxy/haproxy/issues/2312
https://github.com/grpc/grpc-go/pull/6703
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://my.f5.com/manage/s/article/K000137106
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://github.com/micrictor/http2-rst-stream
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/dotnet/announcements/issues/277
https://github.com/apache/trafficserver/pull/10564
https://github.com/facebook/proxygen/pull/466
https://github.com/microsoft/CBL-Mariner/pull/6381
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://github.com/nodejs/node/pull/50121
https://github.com/h2o/h2o/pull/3291
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/golang/go/issues/63417
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://www.openwall.com/lists/oss-security/2023/10/10/6
http://www.nessus.org/u?a0ff880f
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
https://news.ycombinator.com/item?id=37837043
https://www.debian.org/security/2023/dsa-5522
https://www.debian.org/security/2023/dsa-5521
https://github.com/kazu-yamamoto/http2/issues/93
https://blog.vespa.ai/cve-2023-44487/
https://github.com/tempesta-tech/tempesta/issues/1986
https://ubuntu.com/security/CVE-2023-44487
https://access.redhat.com/security/cve/cve-2023-44487
https://github.com/junkurihara/rust-rpxy/issues/97
https://istio.io/latest/news/security/istio-security-2023-004/
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://github.com/etcd-io/etcd/issues/16740
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://github.com/ninenines/cowboy/issues/1615
https://github.com/varnishcache/varnish-cache/issues/3996
https://github.com/apache/httpd-site/pull/10
https://github.com/line/armeria/pull/5232
https://github.com/projectcontour/contour/pull/5826
https://github.com/akka/akka-http/issues/4323
https://github.com/apache/apisix/issues/10320
https://github.com/openresty/openresty/issues/930
https://github.com/Azure/AKS/issues/3947
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://security.paloaltonetworks.com/CVE-2023-44487
https://github.com/Kong/kong/discussions/11741
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://security.netapp.com/advisory/ntap-20231016-0001/
http://www.openwall.com/lists/oss-security/2023/10/18/4
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://www.debian.org/security/2023/dsa-5540
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://www.debian.org/security/2023/dsa-5549
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
https://www.debian.org/security/2023/dsa-5558
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
https://security.gentoo.org/glsa/202311-09
https://www.debian.org/security/2023/dsa-5570
http://www.openwall.com/lists/oss-security/2023/10/20/8
http://www.openwall.com/lists/oss-security/2023/10/18/8
https://security.netapp.com/advisory/ntap-20240426-0007/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0007/
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.nessus.org/u?a1b880e9
http://www.nessus.org/u?f8fe5c87
http://www.nessus.org/u?b5406717
http://www.nessus.org/u?be45f645
http://www.nessus.org/u?0537e63f
http://www.nessus.org/u?ce3e9a68
http://www.nessus.org/u?c32c8c53
http://www.nessus.org/u?4c3cd3ed
http://www.nessus.org/u?ca8a93f5
http://www.nessus.org/u?d3d71903
http://www.nessus.org/u?0c741aa8
http://www.nessus.org/u?549338dd
http://www.nessus.org/u?f3ee5f37
http://www.nessus.org/u?085650ec
http://www.nessus.org/u?207c3e1e
http://www.nessus.org/u?671e538e
http://www.nessus.org/u?bca769b8
http://www.nessus.org/u?278c058f
http://www.nessus.org/u?703bea4f
http://www.nessus.org/u?0254b09d
http://www.nessus.org/u?fbc56a4b
http://www.nessus.org/u?e0f24fac
http://www.nessus.org/u?2f775382
http://www.nessus.org/u?198681ed
http://www.nessus.org/u?6bd76af3
http://www.nessus.org/u?f4925e56
http://www.nessus.org/u?5925ba24
http://www.nessus.org/u?15e705b5
http://www.nessus.org/u?719403b9
http://www.nessus.org/u?5bdf5fa7
http://www.nessus.org/u?f9b3ddfe
http://www.nessus.org/u?444699b3
http://www.nessus.org/u?72609613
http://www.nessus.org/u?848a1968
http://www.nessus.org/u?dc340493
http://www.nessus.org/u?c0580f4a
http://www.nessus.org/u?599d9cfc
http://www.nessus.org/u?0d77e313
http://www.nessus.org/u?750d74ff
http://www.nessus.org/u?737d31e0
http://www.nessus.org/u?ff833d1d
http://www.nessus.org/u?46ac6821
http://www.nessus.org/u?429494b7
http://www.nessus.org/u?b59b862f
http://www.nessus.org/u?f85f1cd0
http://www.nessus.org/u?2ae59881
http://www.nessus.org/u?fa341e67
http://www.nessus.org/u?6afb6e5c
http://www.nessus.org/u?2cf47e27
Plugin Details
Severity: High
ID: 502811
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 1/6/2025
Updated: 1/6/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2023-44487
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:nx-os:10
Required KB Items: Tenable.ot/Cisco
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/10/2023
Vulnerability Publication Date: 10/10/2023
CISA Known Exploited Vulnerability Due Dates: 10/31/2023
Reference Information
CVE: CVE-2023-44487
CWE: 400