Memory Exhaustion in Cisco Web Security Appliances Due to Improper Management
CVE-2018-0410

8.6 HIGH

Key Information:

Vendor
Cisco
CVE Published:
15 August 2018

Summary

A vulnerability exists in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances that allows an unauthenticated remote attacker to exploit flaws in memory resource management. By opening a large number of TCP connections to the data interface of an affected device over IPv4 or IPv6, an attacker could cause the system to exhaust its memory. The result is a denial of service: the device may stop processing new connections and require manual intervention to recover.

Affected Version(s)

AsyncOS Software for Cisco Web Security Appliances = unspecified

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
