Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability

cisco-sa-20140219-fwsm · High · Published · Updated

Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication. Cisco has released software updates that address this vulnerability. Workarounds that mitigate the vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that mitigate this vulnerability other than disabling the cut-through proxy feature.

CVEsCVE-2014-0710
Cisco Bug IDsCSCuj16824
CVSS ScoreBase 7.1
Base 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Firewall Services Module (FWSM)

Related Products

Product CVE Evidence
Cisco Firewall Services Module (FWSM) CVE-2014-0710 Cisco OpenVuln