Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in Cisco

 

Systems Affected


Cisco Async OS versions for Cisco WAS on both virtual and hardware
Cisco Async OS Software version 7.7, 8.0,8.5 prior to 8.5.0-069, 8.6, 8.7, 8.8, 9.x prior to 9.0.1-162

Threat Level


High


Overview


Multiple vulnerabilities have been reported in Cisco which could be exploited by an unauthenticated remote attacker to cause denial of service condition (DoS) on the targeted device.


Description


1. Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability ( CVE-2016-1380 )
This vulnerability is due to a lack of proper input validation of the packets that make up the HTTP POST request which could be exploited by a remote attacker by sending specially crafted HTTP POST request to trigger an input validation flaw and cause the target proxy process to become unresponsive and WSA reloading. Successful exploitation of these vulnerabilities could allow a remote attacker to cause denial of service (DoS) due to proxy process becoming unresponsive.

2. Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability ( CVE-2015-6313 )
This vulnerability is due to failure to free memory when file range for cached content is requested through the WSA which could be exploited by opening multiple connections and request cached file range to cause the device fail to free memory and device will stop passing traffic. Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service condition.

3. Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability ( CVE-2016-1382 )
This vulnerability occurs due to affected software does not properly allocate space for the HTTP header and any expected HTTP payload which could be exploited by remote attackers by sending specially crafted HTTP request to trigger a memory allocation error and cause the targeted proxy process to restart and traffic processed by the device will be dropped. Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service condition when the proxy process unexpectedly restarts.

4. Cisco Web Security Appliance Connection Denial of Service Vulnerability ( CVE-2016-1383 )
This vulnerability occurs because the software does not free client and server connection memory and system file descriptors when a certain HTTP response code is received in the HTTP request which could be exploited by remote attackers by sending specially crafted HTTP response code to cause the targeted device to fail to free connection memory and device file descriptors and cause the device will run out of system memory. Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service condition due to appliance runs out of memory.


Impact



Solution/ Workarounds


Apply appropriate updates as mentioned in CISCO advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.