—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability

Advisory ID: cisco-sa-20180815-wsa-dos

Revision: 1.0

For Public Release: 2018 August 15 16:00 GMT

Last Updated: 2018 August 15 16:00 GMT

CVE ID(s): CVE-2018-0410

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system.

The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbdE9tXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczAcAP/RamfilecyQevOLBOXuJCSGSw4LA
cA8+waymayJmByMsmrFS8MJ12ZB4+DFtt9l8prJTlP25xPjjTM/bFzK+CVQ3FoWF
+kS3bXtN3KQ2O40DV0OhchkKFi/eRGGOSH1Bmv0iK2Cb/9lb1D6x17PZlKmwe0gW
GqM8hTIsVCWviDh7zaNlXmyvl+b6effx0lzA6Irrg4GAC/GBua6rNousuWidFanE
dm2mQ+B/YsbWHE8RI79Qy87oay2I/67kbJK8AG1TvOT2+i6Eqg/+9PVRiGrFsvxB
KjWrd9aZl/hCTsbnHh6ItL2OSqoUYagNZnCVlC+kCeN1GSePjhZv1D19vO6uyLt/
pencN2wPiVERy3J6wUWTR8mrPqw6gWsK3rmt1O/sKx7wJ3qSZ1brIkeQ1BBAYoil
PcABBAlwkLFvbftPDR9wFl8KkCj/BbkQHyT5dvR/bBGhA1aRrqUr3SUq8+zF5FEh
uN5cwB4D9dH1lOCALNXpiSBwYnDBzjK9+dNtbHmJjlan4le+qtMdglMxF1W1IoME
ExIiidrxd+DNth4X24C442/UKMibo2sIs6Z0BHhw7vPmYx6yNXULRa5rI0Q+G9Wl
6i/iP9HV0f6YHdfvujMZ1b75zWV06I5bbTApFcGtbW/3FAeudeKSBdVCsmM0fwLr
lYpbm1Hu12sPi8QX
=c89P
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com