Vulnslist

find the latest Cisco vulnerabilities

Cisco Web Security Appliance Native FTP Denial of Service Vulnerability

cisco-sa-20151130-wsa · Medium · Published · Updated

A vulnerability in the native passthrough FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization. The vulnerability occurs when the FTP client terminates the FTP control connection when the data transfer is complete. An attacker could exploit this vulnerability by initiating FTP connections through the WSA. An exploit could allow the attacker to cause high CPU utilization of the Cisco WSA proxy process, causing a partial DoS condition. The attacker's choice of FTP client and how that client closes the FTP control connection will affect the attacker's ability to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There is a workaround that mitigates this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa

Cisco advisory ·CSAF JSON

Workarounds

This vulnerability exists only if native FTP is configured on the WSA. To disable native FTP on the WSA by using the GUI, navigate to Security Services > FTP Proxy and then disable the FTP Proxy setting.

CVEsCVE-2015-6386
Cisco Bug IDsCSCut94150
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source
Cisco Web Security Appliance (WSA), Cisco Secure Web Appliance

Related Products

Product CVE Evidence
Cisco Web Security Appliance (WSA) CVE-2015-6386 Cisco OpenVuln
Cisco Secure Web Appliance CVE-2015-6386 Cisco OpenVuln