CVE-2018-0410 is a vulnerability in Cisco Web Security Appliance
Published on August 15, 2018

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.


Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2018-0410 has been classified as a Resource Exhaustion vulnerability or weakness.



Affected Versions

Cisco Systems, Inc. AsyncOS Software for Cisco Web Security Appliances, version unspecified, is affected by CVE-2018-0410.

Exploit Probability

EPSS: 1.81%
Percentile: 82.64%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.