Boletines de Vulnerabilidades

Cisco Web Security Appliance Native FTP Denial of Service Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in the native passthrough FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization.The vulnerability occurs when the FTP client terminates the FTP control connection when the data transfer is complete. An attacker could exploit this vulnerability by initiating FTP connections through the WSA. An exploit could allow the attacker to cause high CPU

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20Native%20FTP%20Denial%20of%20Service%20Vu

Identificadores estándar
Propiedad Valor
CVE CVE-2015-6386.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-12-08

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT