Cisco AppDynamics Network Visibility Agent 中存在一个漏洞，允许未经身份验证的本地攻击者对受影响设备造成拒绝服务 (DoS) 条件。该漏洞是由于无法处理意外输入造成的。拥有本地设备访问权限的攻击者可以通过向目标服务发送 HTTP 请求来利用此漏洞。成功利用该漏洞可能允许攻击者通过停止本地设备上的 Network Agent Service 来造成 DoS 条件。

🤔 **漏洞描述:** Cisco AppDynamics Network Visibility Agent 存在一个漏洞，允许未经身份验证的本地攻击者对受影响设备造成拒绝服务 (DoS) 条件。该漏洞是由于无法处理意外输入造成的。

💻 **攻击方式:** 拥有本地设备访问权限的攻击者可以通过向目标服务发送 HTTP 请求来利用此漏洞。

💥 **影响:** 成功利用该漏洞可能允许攻击者通过停止本地设备上的 Network Agent Service 来造成 DoS 条件。

🛡️ **解决方案:** Cisco 已发布解决此漏洞的软件更新。目前没有解决此漏洞的变通方法。

🔗 **参考链接:** https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK

Security Impact Rating: Medium
CVE: CVE-2024-20394