Vulnslist

Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

Cisco-SA-20131023-CVE-2013-5537 · Medium · Published · Updated

A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination of HTTP and HTTPS connections. An attacker could exploit this vulnerability by sending multiple HTTP or HTTPS requests to any management-enabled interface of the affected system. A full TCP three-way handshake is required to exploit this vulnerability, so the requests must originate from a source that can complete the handshake rather than from a spoofed address. A successful exploit could allow the attacker to prevent management access via the GUI; a hard reboot of the affected system is needed to restore full functionality.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must first determine the management-enabled interfaces on the targeted system and then send multiple HTTP or HTTPS requests to them. In a typical enterprise environment, these systems reside on trusted, internal networks behind firewall restrictions. These access requirements decrease the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, that code is not known to be publicly available.

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.
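
The last three workarounds (restrict network access, use an IP-based ACL of trusted systems, monitor the affected systems) can be checked from the appliance's management access logs. The script below is an added example written for this page, not Cisco's or Vulnslist's code: it applies an allowlist of trusted management networks (placeholder values) and flags any source that sends a burst of requests to the GUI within a short window, which is the traffic pattern the advisory describes. The log format, the sample lines, the trusted networks and the thresholds are all constructed for the example.

```python
"""Hypothetical management-GUI log review: enforce a trusted-source allowlist
and flag request bursts from a single source. Log format, sample lines and
thresholds are constructed for this example, not a Cisco WSA/ESA/SMA format."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: trusted management networks (placeholder values; the real ACL
# would mirror the IP-based access list recommended in the advisory).
TRUSTED_MGMT_NETS = [ip_network("10.10.0.0/24"), ip_network("192.168.50.0/24")]
BURST_THRESHOLD = 10            # this many requests from one source ...
BURST_WINDOW = timedelta(seconds=10)  # ... inside this sliding window is a burst


def build_sample_log():
    """Constructed sample: two normal logins from a trusted host, then one
    untrusted host sending 25 requests to the GUI in 25 seconds."""
    lines = [
        "2013-10-23T10:00:01 10.10.0.5 GET /login 200",
        "2013-10-23T10:00:02 10.10.0.5 POST /login 302",
    ]
    lines += [f"2013-10-23T10:01:{i:02d} 203.0.113.9 GET / 200" for i in range(25)]
    return "\n".join(lines)


def parse_line(line):
    """Constructed format: '<ISO timestamp> <src_ip> <method> <path> <status>'."""
    ts, src, method, path, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": ip_address(src),
            "method": method, "path": path, "status": int(status)}


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_trusted(src):
    """ACL check: is the source inside one of the trusted management networks?"""
    return any(src in net for net in TRUSTED_MGMT_NETS)


def untrusted_sources(events):
    """Sources that reached the management GUI from outside the allowlist."""
    return sorted({str(e["src"]) for e in events if not is_trusted(e["src"])})


def detect_bursts(events, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Return {src: peak} for every source whose peak request count within any
    sliding window of length `window` reached `threshold`."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e["ts"])
    bursts = {}
    for src, stamps in by_src.items():
        stamps.sort()
        peak = 0
        start = 0
        for end, t in enumerate(stamps):
            # advance the window start until it is within `window` of `t`
            while t - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[str(src)] = peak
    return bursts


def review(text):
    """One-shot review: who is outside the ACL, and who is hammering the GUI."""
    events = parse_log(text)
    return {"untrusted": untrusted_sources(events), "bursts": detect_bursts(events)}


if __name__ == "__main__":
    print(review(build_sample_log()))
```

Run against the constructed sample, `review()` reports `203.0.113.9` both as an untrusted source and as a burst source (peak of 11 requests in a 10-second window). Any hit in `untrusted` means the ACL workaround is not actually enforced at the network edge; a hit in `bursts` from a trusted host is worth a look too, since the advisory notes the condition is triggered by request volume rather than by any authentication failure.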

CVEs: CVE-2013-5537
Cisco Bug IDs: CSCuf89818, CSCuh05635, CSCuj59411
CVSS Score: Base 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C)
Product Names From Source: Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), Cisco Secure Email and Web Manager, Cisco Secure Web Appliance

Related Products

Product                                             CVE            Evidence
Cisco RV Series Routers                             CVE-2013-5537  Cisco OpenVuln
Cisco Nexus Dashboard                               CVE-2013-5537  Cisco OpenVuln
Cisco Meraki MS Series Switches                     CVE-2013-5537  Cisco OpenVuln
Cisco Catalyst PON Series Switches                  CVE-2013-5537  Cisco OpenVuln
Cisco Web Security Appliance (WSA)                  CVE-2013-5537  Cisco OpenVuln
Cisco Secure Web Appliance                          CVE-2013-5537  Cisco OpenVuln
Cisco Secure Email and Web Manager                  CVE-2013-5537  Cisco OpenVuln
Cisco Secure Email                                  CVE-2013-5537  Cisco OpenVuln
Cisco Email Security Appliance (ESA)                CVE-2013-5537  Cisco OpenVuln
Cisco Content Security Management Appliance (SMA)   CVE-2013-5537  Cisco OpenVuln