Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition.

The vulnerability is due to improper handling, processing, and termination of HTTP and HTTPS connections. An attacker could exploit this vulnerability by sending multiple HTTP or HTTPS requests to any management-enabled interfaces of the affected system. A full TCP three-way handshake is required to exploit this vulnerability. An exploit could allow the attacker to prevent management access via the GUI. A hard reboot of the affected system is needed to restore full functionality.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must first determine the management-enabled interfaces on the targeted system and send multiple HTTP or HTTPS requests to the system. In a typical enterprise environment, these systems would reside on trusted, internal networks behind firewall restrictions. This access requirements decrease the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.