Detections
Analytics
Cisco Products Uncontrolled Resource Consumption (CVE-2023-44487)
high Tenable OT Security Plugin ID 502811
Synopsis
The remote OT asset is affected by a vulnerability.Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://github.com/kazu-yamamoto/http2/issues/93
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/line/armeria/pull/5232
http://www.nessus.org/u?bca769b8
https://github.com/micrictor/http2-rst-stream
https://github.com/microsoft/CBL-Mariner/pull/6381
http://www.nessus.org/u?278c058f
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://github.com/ninenines/cowboy/issues/1615
https://github.com/nodejs/node/pull/50121
https://github.com/openresty/openresty/issues/930
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/projectcontour/contour/pull/5826
https://github.com/tempesta-tech/tempesta/issues/1986
https://github.com/varnishcache/varnish-cache/issues/3996
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://istio.io/latest/news/security/istio-security-2023-004/
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
http://www.nessus.org/u?703bea4f
http://www.nessus.org/u?0254b09d
http://www.nessus.org/u?fbc56a4b
http://www.nessus.org/u?e0f24fac
http://www.nessus.org/u?2f775382
http://www.nessus.org/u?198681ed
http://www.nessus.org/u?6bd76af3
http://www.nessus.org/u?f4925e56
http://www.nessus.org/u?5925ba24
http://www.nessus.org/u?15e705b5
http://www.nessus.org/u?719403b9
http://www.nessus.org/u?5bdf5fa7
http://www.nessus.org/u?f9b3ddfe
http://www.nessus.org/u?444699b3
http://www.nessus.org/u?72609613
http://www.nessus.org/u?848a1968
http://www.nessus.org/u?dc340493
http://www.nessus.org/u?c0580f4a
http://www.nessus.org/u?599d9cfc
http://www.nessus.org/u?0d77e313
http://www.nessus.org/u?750d74ff
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
http://www.nessus.org/u?737d31e0
http://www.nessus.org/u?ff833d1d
http://www.nessus.org/u?46ac6821
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://my.f5.com/manage/s/article/K000137106
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://news.ycombinator.com/item?id=37831062
https://news.ycombinator.com/item?id=37837043
http://www.nessus.org/u?429494b7
http://www.nessus.org/u?b59b862f
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20231016-0001/
https://security.netapp.com/advisory/ntap-20240426-0007/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0007/
https://security.paloaltonetworks.com/CVE-2023-44487
http://www.nessus.org/u?a0ff880f
https://ubuntu.com/security/CVE-2023-44487
http://www.nessus.org/u?f85f1cd0
http://www.nessus.org/u?2ae59881
http://www.nessus.org/u?fa341e67
https://www.debian.org/security/2023/dsa-5521
https://www.debian.org/security/2023/dsa-5522
https://www.debian.org/security/2023/dsa-5540
https://www.debian.org/security/2023/dsa-5549
https://www.debian.org/security/2023/dsa-5558
https://www.debian.org/security/2023/dsa-5570
http://www.nessus.org/u?6afb6e5c
http://www.nessus.org/u?2cf47e27
http://www.nessus.org/u?bfa2ac7e
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
http://www.nessus.org/u?75d84160
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/18/4
http://www.openwall.com/lists/oss-security/2023/10/18/8
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.openwall.com/lists/oss-security/2023/10/20/8
https://access.redhat.com/security/cve/cve-2023-44487
http://www.nessus.org/u?a1b880e9
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
http://www.nessus.org/u?f8fe5c87
http://www.nessus.org/u?b5406717
http://www.nessus.org/u?be45f645
http://www.nessus.org/u?0537e63f
https://blog.vespa.ai/cve-2023-44487/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.suse.com/show_bug.cgi?id=1216123
http://www.nessus.org/u?ce3e9a68
http://www.nessus.org/u?c32c8c53
http://www.nessus.org/u?4c3cd3ed
http://www.nessus.org/u?ca8a93f5
http://www.nessus.org/u?d3d71903
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
http://www.nessus.org/u?0c741aa8
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://github.com/akka/akka-http/issues/4323
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/apisix/issues/10320
https://github.com/apache/httpd-site/pull/10
http://www.nessus.org/u?549338dd
http://www.nessus.org/u?f3ee5f37
https://github.com/apache/trafficserver/pull/10564
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/caddyserver/caddy/issues/5877
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://github.com/dotnet/announcements/issues/277
http://www.nessus.org/u?085650ec
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/etcd-io/etcd/issues/16740
https://github.com/facebook/proxygen/pull/466
https://github.com/golang/go/issues/63417
https://github.com/grpc/grpc-go/pull/6703
https://github.com/h2o/h2o/pull/3291
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/haproxy/haproxy/issues/2312
http://www.nessus.org/u?207c3e1e
Plugin Details
Severity: High
ID: 502811
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 1/6/2025
Updated: 1/6/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2023-44487
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:nx-os:10
Required KB Items: Tenable.ot/Cisco
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/10/2023
Vulnerability Publication Date: 10/10/2023
CISA Known Exploited Vulnerability Due Dates: 10/31/2023
Reference Information
CVE: CVE-2023-44487
CWE: 400