OpenCVE

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Web Security Appliance

Configuration 1 [-]

OR	cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-022:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-039:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.1-270:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.1-296:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.2-042:::::::*
	cpe:2.3:a:cisco:web_security_appliance:11.0.0-641:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105098
http://www.securitytracker.com/id/1041535
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-08-15T20:00:00Z

Updated: 2024-09-16T21:04:14.195Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0410

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-15T20:29:00.657

Modified: 2019-10-09T23:32:00.897

Link: CVE-2018-0410

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object