Cisco Security Management Appliance Log Rollover Denial of Service Vulnerability

A vulnerability in the web interface of the Cisco Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device.

The vulnerability is due to inadequate validation of user credentials for incoming HTTP requests, which can cause the device to manipulate an internal log file. An attacker could exploit this vulnerability by sending crafted HTTP requests to the device. A successful exploit could allow the attacker to cause a DoS condition due to an application fault. The application fault is caused when the log file wraps quickly.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit the vulnerability, the attacker would need to send crafted HTTP requests to the targeted system through the SMA web interface. Because the attacker does not need to authenticate to send the crafted HTTP requests, the likelihood of a DoS condition is increased.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.