8.6

CVE-2018-0410

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoWeb Security Appliance Version9.1.1-074
CiscoWeb Security Appliance Version9.1.2-010
CiscoWeb Security Appliance Version9.1.2-022
CiscoWeb Security Appliance Version9.1.2-039
CiscoWeb Security Appliance Version10.1.0-204
CiscoWeb Security Appliance Version10.1.1-235
CiscoWeb Security Appliance Version10.5.1-270
CiscoWeb Security Appliance Version10.5.1-296
CiscoWeb Security Appliance Version10.5.2-042
CiscoWeb Security Appliance Version11.0.0-641
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.12% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://www.securityfocus.com/bid/105098
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041535
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos
Vendor Advisory