Lucene search

CiscoCVE-2018-0410

HistoryAug 15, 2018 - 8:29 p.m.

CVE-2018-0410

2018-08-1520:29:00

CWE-400

cisco

web.nvd.nist.gov

cisco

web security

appliances

vulnerability

memory exhaustion

dos

cisco bug ids

nvd

cve-2018-0410

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.

Affected configurations

Nvd

Node

ciscoweb_security_applianceMatch9.1.1-074

ciscoweb_security_applianceMatch9.1.2-010

ciscoweb_security_applianceMatch9.1.2-022

ciscoweb_security_applianceMatch9.1.2-039

ciscoweb_security_applianceMatch10.1.0-204

ciscoweb_security_applianceMatch10.1.1-235

ciscoweb_security_applianceMatch10.5.1-270

ciscoweb_security_applianceMatch10.5.1-296

ciscoweb_security_applianceMatch10.5.2-042

ciscoweb_security_applianceMatch11.0.0-641

VendorProductVersionCPE
ciscoweb_security_appliance9.1.1-074cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*
ciscoweb_security_appliance9.1.2-010cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:*:*:*:*:*:*:*
ciscoweb_security_appliance9.1.2-022cpe:2.3:a:cisco:web_security_appliance:9.1.2-022:*:*:*:*:*:*:*
ciscoweb_security_appliance9.1.2-039cpe:2.3:a:cisco:web_security_appliance:9.1.2-039:*:*:*:*:*:*:*
ciscoweb_security_appliance10.1.0-204cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*
ciscoweb_security_appliance10.1.1-235cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*
ciscoweb_security_appliance10.5.1-270cpe:2.3:a:cisco:web_security_appliance:10.5.1-270:*:*:*:*:*:*:*
ciscoweb_security_appliance10.5.1-296cpe:2.3:a:cisco:web_security_appliance:10.5.1-296:*:*:*:*:*:*:*
ciscoweb_security_appliance10.5.2-042cpe:2.3:a:cisco:web_security_appliance:10.5.2-042:*:*:*:*:*:*:*
ciscoweb_security_appliance11.0.0-641cpe:2.3:a:cisco:web_security_appliance:11.0.0-641:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	web_security_appliance	9.1.1-074	cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:::::::*
cisco	web_security_appliance	9.1.2-010	cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:::::::*
cisco	web_security_appliance	9.1.2-022	cpe:2.3:a:cisco:web_security_appliance:9.1.2-022:::::::*
cisco	web_security_appliance	9.1.2-039	cpe:2.3:a:cisco:web_security_appliance:9.1.2-039:::::::*
cisco	web_security_appliance	10.1.0-204	cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:::::::*
cisco	web_security_appliance	10.1.1-235	cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:::::::*
cisco	web_security_appliance	10.5.1-270	cpe:2.3:a:cisco:web_security_appliance:10.5.1-270:::::::*
cisco	web_security_appliance	10.5.1-296	cpe:2.3:a:cisco:web_security_appliance:10.5.1-296:::::::*
cisco	web_security_appliance	10.5.2-042	cpe:2.3:a:cisco:web_security_appliance:10.5.2-042:::::::*
cisco	web_security_appliance	11.0.0-641	cpe:2.3:a:cisco:web_security_appliance:11.0.0-641:::::::*

CNA Affected

[
  {
    "product": "AsyncOS Software for Cisco Web Security Appliances",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105098

www.securitytracker.com/id/1041535

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2018-0410