Resource exhaustion in Cisco Web Security Appliance - CVE-2018-0410
Published: August 15, 2018 / Updated: August 16, 2018
Vulnerability identifier: #VU14428
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-0410
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Web Security Appliance
Cisco Web Security Appliance
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances due to improper management of memory resources for TCP connections. A remote attacker can establish a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6, exhaust system memory and cause the system to stop processing new connections.
How to mitigate CVE-2018-0410
The vulnerability has been fixed in the versions 11.5.0-614, 10.5.2-061, 10.1.3-054.