CVE-2021-34698Missing Release of Memory after Effective Lifetime in Cisco Asyncos

CWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
7.5HIGHNVD
CNA8.6
EPSS
0.5%
top 33.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco AsyncosCisco WEB Security Appliance
Timeline
PublishedOct 6
Latest updateMay 24

Description

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacke

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/asyncos12.012.0.3-005+2

🔴Vulnerability Details

2
GHSA
GHSA-vj66-rqm3-j78p: A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaus2022-05-24
CVEList
Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability2021-10-06

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability2021-10-06
CVE-2021-34698 — Cisco Asyncos vulnerability | cvebase