Cisco AsyncOS for Cisco Email Security Appliance and Cisco Web Security Appliance Cluster Denial of Service Vulnerability

A vulnerability in the clustering component of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause the device to become unresponsive on the clustering and SSH configured ports.

The vulnerability is due to improper handling of packets sent at a high rate when the system is configured for clustering. An attacker could exploit this vulnerability by sending packets to the targeted system at a high rate. An exploit could allow the attacker to cause the affected system to become unresponsive on the clustering and SSH configured ports, causing all new connections to these ports to fail. A reload is required to restore normal operational behavior.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker would need to send packets to the affected device at a high rate, making exploitation more difficult in environments that restrict access to untrusted sources.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.