#VU14428 Resource exhaustion in Cisco Web Security Appliance - CVE-2018-0410

Cybersecurity Help s.r.o.

Published: 2018-08-15 | Updated: 2018-08-16

Vulnerability identifier: #VU14428

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-0410

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Web Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances due to improper management of memory resources for TCP connections. A remote attacker can establish a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6, exhaust system memory and cause the system to stop processing new connections.

Mitigation
The vulnerability has been fixed in the versions 11.5.0-614, 10.5.2-061, 10.1.3-054.

Vulnerable software versions

Cisco Web Security Appliance: 9.1.1 074 - 11.0.0 641

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco AsyncOS for Cisco Web Security Appliances

Multiple vulnerabilities in Cisco Web Security Appliance