Vigil@nce - Cisco Web Security Appliance: infinite loop of FTP Proxy
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an infinite loop in the FTP Proxy of
Cisco Web Security Appliance, in order to trigger a denial of
service.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Creation date: 01/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco Web Security Appliance product offers an FTP proxy.
However, an attacker can end an FTP session in a special way, in
order to trigger a loop in the proxy. Technical details are
unknown.
An attacker can therefore generate an infinite loop in the FTP
Proxy of Cisco Web Security Appliance, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Web-Security-Appliance-infinite-loop-of-FTP-Proxy-18405