CVE-2018-0410 - Vulnerability Details

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Web Security Appliance

Configuration 1 [-]

OR	cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-022:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-039:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.1-270:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.1-296:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.2-042:::::::*
	cpe:2.3:a:cisco:web_security_appliance:11.0.0-641:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105098
http://www.securitytracker.com/id/1041535
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

History

Tue, 26 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-08-15T20:00:00Z

Updated: 2024-11-26T14:48:03.996Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0410

Vulnrichment

Updated: 2024-08-05T03:21:15.605Z

NVD

Status : Modified

Published: 2018-08-15T20:29:00.657

Modified: 2024-11-21T03:38:10.247

Link: CVE-2018-0410

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object