CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
64.8%
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to memory management failures during processing of TCP connections.
The vulnerability is due to the improper handling of a malformed HTTP server responses. An unauthenticated, remote attacker with a privileged network position could exploit the vulnerability by conducting a man-in-the-middle (MitM) attack and supplying malformed HTTP server responses to the vulnerable device. A successful exploit could allow the attacker to cause the device to improperly close TCP connections and fail to free memory resources, resulting in a partial DoS condition.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit the vulnerability, the attacker would need to send crafted HTTP requests to the targeted system through the WSA web interface. Because the attacker does not need to authenticate to send the crafted HTTP requests, the likelihood of an exploit is increased.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | web_security_appliance_\(wsa\) | any | cpe:2.3:a:cisco:web_security_appliance_\(wsa\):any:*:*:*:*:*:*:* |