what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20151104-aos

Cisco Security Advisory 20151104-aos
Posted Nov 5, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the network stack of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust all available memory, preventing the affected device from accepting new TCP connections. The vulnerability is due to improper handling of TCP packets sent at a high rate. An attacker could exploit this vulnerability by sending crafted TCP packets to the affected system. Note: A full device reload is needed to recover the system to an operational state.

tags | advisory, remote, web, tcp
systems | cisco
SHA-256 | 96a0e3ec2c0798960635b78f767b80fd89f3135fd9dd8bd49f5167edee58bace

Cisco Security Advisory 20151104-aos

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability

Advisory ID: cisco-sa-20151104-aos

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the network stack of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust all available memory, preventing the affected device from accepting new TCP connections.

The vulnerability is due to improper handling of TCP packets sent at a high rate. An attacker could exploit this vulnerability by sending crafted TCP packets to the affected system.

Note: A full device reload is needed to recover the system to an operational state.

Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos






-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWOhO3AAoJEIpI1I6i1Mx35gEP/ApOJvVZ6wEgWYYdBEAfPXwu
tvZeIqc24MN6OunHtGHgVpiRAINAz6uecaupVTFeOcowJERky2xUTkSfItfM6WiO
85wga7OyA5n+JPw/WNDiMGi05DmqYa3Ut/IAQbn5rFxU61rLlgOBOe+YoaDFBwCJ
/d3FLr70/tyqkGTgXCNWUh/Ukb+1k4UMqaJo+rWT1nM93r2ImD0RVJe+NYIb0JhL
acXXbPQMqIgtXszi1Hvq8j22OdBZqPTrfiStvJ3vk2uVQlcsXom4uPhk+RmOQZ6l
3+gmV1tZvA4fXqjM3gnMnMlej51VRR4rRsGNuwr4sp9diHONyTnqFHHCGUA/ehei
l8fARGSsEd2S4PjnQiMmdPtgYaGCpJRMOIunN0fYCjzxqdwPsLeqzhELbTq8HiFy
jTL+RWnaPQUgnfh0LIJ58J6DrzTvWQdHbLtfaJFR4ZSUH9M9xF6oqAJIIb4hxJfv
wT0TOQDqijeRc3sTtQGa3Xwhuk7tds86ZYENf+T4YLpnqHtUDV+cIFC7zussWsp4
K60rCM1ek4/s3Vd+t9Muq1F5iTxhUSkpxB5QwwbC2I5BjLkTQweqX+lpu3RVumht
1is3TvabnA6FkUUSJTJRQ040FE+W1GbXGDuX3ba1gPlHGETifC6UXirLaKJce3lj
RSEUihVYR0uVFt4EtSoh
=VX2W
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close