2026-05-06 BleepingComputer

Cisco Patches Critical DoS Flaw in Crosswork, Manual Reboot Needed

Vulnerability · Incident Response

Cisco has released patches for a high‑severity denial‑of‑service (DoS) vulnerability affecting its Crosswork Network Controller and Network Services Orchestrator (NSO) products. Tracked as CVE‑2024‑20328, the flaw is described as an insufficient input‑validation issue in the HTTP/HTTPS server component of both platforms. An unauthenticated remote attacker can exploit the bug by sending a specially crafted HTTP request, causing the service to become unresponsive and leaving affected devices unable to process legitimate traffic until a manual reboot is performed.

The vulnerability carries a CVSS v3.1 base score of 8.6 (High), reflecting the potential for complete service disruption. Technical analysis shows that the malicious request triggers an infinite loop or memory exhaustion within the server process, effectively halting all further request handling. Affected deployments include Cisco Crosswork Network Controller versions prior to 6.0.0 and NSO versions prior to 6.0.0, which are widely used in service‑provider environments for network‑service orchestration and topology management.

Cisco has made software updates available that remediate the input‑validation flaw. Administrators should download the appropriate patches from the Cisco Software Center or use the Cisco AutoUpdate mechanism to bring their installations to version 6.0.0 or later. In cases where immediate patching is not feasible, network‑level mitigations such as restricting access to the HTTP/HTTPS management interfaces to trusted subnets can reduce the attack surface. Because recovery from a successful exploit requires a manual reboot, organizations are advised to schedule maintenance windows and ensure that failover mechanisms are in place to minimize service downtime.

Security teams should also audit logs for any unusual HTTP request patterns that could indicate exploitation attempts and verify that their incident‑response playbooks include steps for system recovery after a forced reboot. Cisco’s advisory provides specific remediation steps and a list of affected software releases, making it straightforward to prioritize patching across the estate.
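The two defensive steps above (restricting the HTTP/HTTPS management interface to trusted subnets, and auditing logs for request patterns worth a closer look) can be combined into a small review script. This is an added example, not code from Cisco or the advisory; the trusted subnets, API paths and log lines are all constructed, and the log shape is a generic combined-log format rather than real Crosswork or NSO output.

```python
import ipaddress
from collections import Counter

# Constructed example: management subnets an operator chooses to allow
# to reach the Crosswork / NSO HTTP(S) interface. Not from Cisco's advisory.
TRUSTED_MGMT_SUBNETS = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("192.168.100.0/25"),
]

# Constructed access-log lines in combined-log shape; the paths and
# addresses are made up for this example and are not product output.
SAMPLE_LOG = """\
10.20.0.15 - - [06/May/2026:09:00:01 +0000] "GET /api/v1/topology HTTP/1.1" 200 512
10.20.0.15 - - [06/May/2026:09:00:04 +0000] "POST /api/v1/services HTTP/1.1" 201 88
203.0.113.77 - - [06/May/2026:09:00:09 +0000] "GET /api/v1/status HTTP/1.1" 200 64
203.0.113.77 - - [06/May/2026:09:00:09 +0000] "GET /api/v1/status HTTP/1.1" 200 64
203.0.113.77 - - [06/May/2026:09:00:10 +0000] "POST /api/v1/login HTTP/1.1" 401 12
192.168.100.9 - - [06/May/2026:09:00:12 +0000] "GET /api/v1/devices HTTP/1.1" 200 2048
"""


def is_trusted(src: str) -> bool:
    """True when the source address falls inside an allowed management subnet."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_MGMT_SUBNETS)


def audit_access_log(log_text: str) -> dict:
    """Count requests to the management interface from untrusted sources.

    Also returns the last logged request: when a server stops responding
    and needs a manual reboot, the final request it handled is the first
    thing to examine, so it is kept alongside the untrusted-source counts.
    """
    untrusted = Counter()
    last_request = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, rest = line.split(" ", 1)
        request = rest.split('"')[1]  # the quoted request line
        last_request = (src, request)
        if not is_trusted(src):
            untrusted[src] += 1
    return {"untrusted_sources": dict(untrusted), "last_request": last_request}
```

Any source showing up under untrusted_sources should already be blocked by the network ACL; if it is not, the allow-list and the ACL have drifted apart.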

Source: BleepingComputer
