What is the Issue?
A vulnerability exists in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances. It is caused by the software's improper handling of memory resources for TCP connections on a device. If an attacker exploits this vulnerability, manual intervention may be required to recover the system.
Why is this noteworthy?
An attacker could exploit this vulnerability to exhaust the system memory and cause the system to stop processing new connections. A remote attacker can do this by establishing a high number of fake TCP connections, leaving the system unable to process legitimate connections.
What is the exposure or risk?
A large volume of fake TCP connections established by an attacker will exhaust the memory allocated for TCP connections on a device. The device will then stop processing any further connections, even legitimate ones, resulting in a Denial of Service (DoS) condition on the device.
What are the recommendations?
Cisco has released software updates that address this vulnerability. SKOUT recommends updating to the latest version of the software available for a device. The complete list of updates, along with detailed instructions on how to install them, can be found at the link in the references.
References:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos
If you have any questions, please contact our Security Operations Center.