Cisco fixes high-risk vulnerabilities in network security equipment - vulnerability warning - the black bar safety net

ID MYHACK58:62201675118
Type myhack58
Reporter Anonymous
Modified 2016-05-24T00:00:00


These defects can be exploited with specially crafted HTTP requests to cause a denial-of-service condition.

Cisco Systems has fixed four denial-of-service vulnerabilities that attackers can exploit to make its network security devices stop processing network traffic properly. Cisco's network security appliances (WSA) are a series of security devices that inspect an organization's inbound and outbound network traffic to detect malicious software, prevent data leaks, and enforce Internet access policies for users and applications. These devices run an operating system called Cisco AsyncOS.

One of the four DoS vulnerabilities that Cisco fixed on Wednesday stems from how the operating system handles a specific HTTP response code. An attacker can send a specially crafted HTTP request that exhausts the entire memory of the targeted device. If this happens, the device will no longer accept new incoming connection requests, a Cisco consultant says. All Cisco AsyncOS versions below 9.0.1-162 are affected. Users are advised to upgrade to version 9.1, which is not affected.

Another DoS vulnerability is due to a lack of proper input validation of the packets that make up an HTTP POST request. The defect can be exploited through a specially crafted HTTP request and may cause the proxy process to become unresponsive and the WSA to be overloaded. Only AsyncOS version 8.0 is affected by this vulnerability. Users can upgrade to 8.0.6-119 or to 9.0.1-162, which contains the patches for all four bugs, a Cisco consultant says.

The third vulnerability is caused by a failure to release memory when a file range for cached content is requested through the WSA. By opening multiple connections and requesting file ranges, an attacker can make the WSA run out of memory and thus stop passing traffic. AsyncOS versions 8.5 to 8.8 are affected, and Cisco recommends upgrading to version 9.0.1-162.

The fourth vulnerability occurs because AsyncOS does not properly allocate space for the HTTP headers and the expected HTTP payload. Exploiting this defect causes the proxy process to reload and traffic to stop. The defect affects AsyncOS version 8.8 and lower. Cisco has fixed the vulnerability in version 8.5.3-069 on the 8.5 branch and in version 9.0.1-162.

In addition to the WSA defects, Cisco also patched a mild cross-site scripting vulnerability in the Web interface of the Cisco Unified Computing System (UCS) core software.