Vulnerability-Lookup

CNVD-2018-15418

Vulnerability from cnvd - Published: 2018-08-16

Title

Cisco Web Security Appliance Web Proxy内存耗尽拒绝服务漏洞

Description

Cisco Web Security Appliance（WSA）是美国思科（Cisco）公司的一套Web安全设备。该设备提供基于SaaS的访问控制、实时网络报告和追踪、制定安全策略等功能。 Cisco Web Security Appliance Web Proxy存在内存耗尽拒绝服务漏洞，该漏洞源于受影响的软件未能正确管理与目标设备的TCP连接的内存资源。攻击者可以通过IPv4或IPv6建立与受影响设备的数据接口的大量TCP连接来利用此漏洞。成功利用可能允许攻击者耗尽系统内存，可能导致系统停止处理新连接并导致DoS条件。

Severity

中

Patch Name

Cisco Web Security Appliance Web Proxy内存耗尽拒绝服务漏洞的补丁

Patch Description

Formal description

思科发布了解决此漏洞的软件更新，用户可联系供应商获得更新信息： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

Impacted products

Name
['Cisco AsyncOS Software(for Cisco Web Security Appliances) 9.1', 'Cisco AsyncOS Software(for Cisco Web Security Appliances) 10.1', 'Cisco AsyncOS Software(for Cisco Web Security Appliances) 10.5', 'Cisco AsyncOS Software(for Cisco Web Security Appliances) 11.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0410"
    }
  },
  "description": "Cisco Web Security Appliance\uff08WSA\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u63d0\u4f9b\u57fa\u4e8eSaaS\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u5b9e\u65f6\u7f51\u7edc\u62a5\u544a\u548c\u8ffd\u8e2a\u3001\u5236\u5b9a\u5b89\u5168\u7b56\u7565\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Web Security Appliance Web Proxy\u5b58\u5728\u5185\u5b58\u8017\u5c3d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8f6f\u4ef6\u672a\u80fd\u6b63\u786e\u7ba1\u7406\u4e0e\u76ee\u6807\u8bbe\u5907\u7684TCP\u8fde\u63a5\u7684\u5185\u5b58\u8d44\u6e90\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7IPv4\u6216IPv6\u5efa\u7acb\u4e0e\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u6570\u636e\u63a5\u53e3\u7684\u5927\u91cfTCP\u8fde\u63a5\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u3002 \u6210\u529f\u5229\u7528\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u8017\u5c3d\u7cfb\u7edf\u5185\u5b58\uff0c\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u505c\u6b62\u5904\u7406\u65b0\u8fde\u63a5\u5e76\u5bfc\u81f4DoS\u6761\u4ef6\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u601d\u79d1\u53d1\u5e03\u4e86\u89e3\u51b3\u6b64\u6f0f\u6d1e\u7684\u8f6f\u4ef6\u66f4\u65b0\uff0c\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u66f4\u65b0\u4fe1\u606f\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15418",
  "openTime": "2018-08-16",
  "patchDescription": "Cisco Web Security Appliance\uff08WSA\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u63d0\u4f9b\u57fa\u4e8eSaaS\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u5b9e\u65f6\u7f51\u7edc\u62a5\u544a\u548c\u8ffd\u8e2a\u3001\u5236\u5b9a\u5b89\u5168\u7b56\u7565\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Web Security Appliance Web Proxy\u5b58\u5728\u5185\u5b58\u8017\u5c3d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8f6f\u4ef6\u672a\u80fd\u6b63\u786e\u7ba1\u7406\u4e0e\u76ee\u6807\u8bbe\u5907\u7684TCP\u8fde\u63a5\u7684\u5185\u5b58\u8d44\u6e90\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7IPv4\u6216IPv6\u5efa\u7acb\u4e0e\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u6570\u636e\u63a5\u53e3\u7684\u5927\u91cfTCP\u8fde\u63a5\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u3002 \u6210\u529f\u5229\u7528\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u8017\u5c3d\u7cfb\u7edf\u5185\u5b58\uff0c\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u505c\u6b62\u5904\u7406\u65b0\u8fde\u63a5\u5e76\u5bfc\u81f4DoS\u6761\u4ef6\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Web Security Appliance Web Proxy\u5185\u5b58\u8017\u5c3d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco AsyncOS Software(for Cisco Web Security Appliances) 9.1",
      "Cisco AsyncOS Software(for Cisco Web Security Appliances) 10.1",
      "Cisco AsyncOS Software(for Cisco Web Security Appliances) 10.5",
      "Cisco AsyncOS Software(for Cisco Web Security Appliances) 11.0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-16",
  "title": "Cisco Web Security Appliance Web Proxy\u5185\u5b58\u8017\u5c3d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0410 (GCVE-0-2018-0410)

Vulnerability from cvelistv5 – Published: 2018-08-15 20:00 – Updated: 2024-11-26 14:48

Summary

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.

Severity ?

No CVSS data available.

CWE

CWE-400

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/105098	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1041535	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Cisco Systems, Inc.	AsyncOS Software for Cisco Web Security Appliances	Affected: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105098",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105098"
          },
          {
            "name": "20180815 Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos"
          },
          {
            "name": "1041535",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041535"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:53:35.949892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:48:03.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AsyncOS Software for Cisco Web Security Appliances",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105098",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105098"
        },
        {
          "name": "20180815 Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos"
        },
        {
          "name": "1041535",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041535"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-08-15T00:00:00",
          "ID": "CVE-2018-0410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AsyncOS Software for Cisco Web Security Appliances",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unspecified"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105098",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105098"
            },
            {
              "name": "20180815 Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos"
            },
            {
              "name": "1041535",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041535"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0410",
    "datePublished": "2018-08-15T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:48:03.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-15418

CVE-2018-0410 (GCVE-0-2018-0410)

Tags

Sightings

Nomenclature