Executive Summary

Summary
Title Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Informations
Name cisco-sa-20140219-fwsm First vendor Publication 2014-02-19
Vendor Cisco Last vendor Modification 2014-02-19
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system.

The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate the vulnerability are not available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iF4EAREKAAYFAlMEtNcACgkQUddfH3/BbTqQ+wD+NFmMxteh3LtLTfRu/MLP3fUd 1JUZsmYsfWURrVRYKWIA/jCIeNeOrEZk3+us7+gkLQ0m8CPFzYtwmJv0WAuUz4nL =CKL7 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 79

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-02-27 IAVM : 2014-A-0031 - Cisco Firewall Services Module (FWSM) Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0044549

Nessus® Vulnerability Scanner

Date Description
2014-02-24 Name : The remote device is missing a vendor-supplied security update.
File : cisco-sa-20140219-fwsm.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-02-28 17:19:10
  • Multiple Updates
2014-02-25 13:21:38
  • Multiple Updates
2014-02-24 21:26:33
  • Multiple Updates
2014-02-19 21:19:39
  • First insertion