CVE-2018-0410

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

8.6HIGH

EPSS

1.8%

top 17.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Systems, Inc. Asyncos Software FOR Cisco WEB Security Appliances Cisco WEB Security Appliance

Timeline

PublishedAug 15

Latest updateMay 13

Description

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco_systems,_inc./asyncos_software_for_cisco_web_security_appliancesunspecified

▶NVDcisco/web_security_appliance10 versions+9

🔴Vulnerability Details

GHSA

GHSA-7vx9-5h56-f698: A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote atta↗2022-05-13

▶

CVEList

CVE-2018-0410: A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote atta↗2018-08-15

▶

📋Vendor Advisories

Cisco

Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability↗2018-08-15

▶