CVE-2015-6386 — Cisco WEB Security Appliance vulnerability

CWE-3994 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 36.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco WEB Security Appliance

Timeline

PublishedDec 1

Latest updateMay 17

Description

The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/web_security_appliance8.0.7-142, 8.5.1-021+1

🔴Vulnerability Details

GHSA

GHSA-vr38-pghp-52qv: The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8↗2022-05-17

▶

CVEList

CVE-2015-6386: The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8↗2015-12-01

▶

📋Vendor Advisories

Cisco

Cisco Web Security Appliance Native FTP Denial of Service Vulnerability↗2015-11-30

▶