How to trigger DoS flaws in CISCO WSA. Apply fixes asap

Cisco issued a series of patches for the AsyncOS operating on CISCO WSA that fix multiple high severity Denial-of-Service (DoS) vulnerabilities.

Cisco has released security patches for the AsyncOS operating system that run on the Web Security Appliance, also called CISCO WSA. The security updates fix multiple high severity Denial-of-Service (DoS) vulnerabilities.

Below the details of the flaws in the CISCO WSA fixed by the last series of patches:

CVE-2016-1380 is a flaw ranked as high that is triggered when parsing an HTTP POST request with Cisco AsyncOS for Cisco WSA, it could be exploited by an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the proxy process becoming unresponsive.
The flaw is caused by the lack of proper input validation of the packets that compose an HTTP POST request.

CVE-2016-1381 resides in the cached file-range request functionality implemented by Cisco AsyncOS. A remote, unauthenticated attacker can trigger it to cause a denial of service (DoS) condition. The flaw, is ranked as high, could exploit by opening multiple connections that request file ranges through the affected device. When the memory is saturated to attack causes the WSA to stop passing traffic.

CVE-2016-1382 is a vulnerability that resides in the HTTP request parsing in Cisco AsyncOS for the Cisco WSA. The flaw could allow a remote, unauthenticated attacker to trigger a denial of service (DoS) condition when the proxy process unexpectedly restarts.

In order to exploit the flaw, the attacker just needs to send a specifically crafted HTTP request to the vulnerable device, the OS will not properly allocate the sufficient space for the HTTP header and any expected HTTP payload.

CVE-2016-1383 is a flaw ranked as high that resides in the way the operating system handles certain HTTP response code. The flaw could be exploited by an unauthenticated, remote attacker to cause a DoS condition by simply sending to the device a specially crafted HTTP request causing it to run out of memory.

Cisco confirmed that the security issues affect various versions of the AsyncOS running on CISCO WSA on both hardware and virtual appliances.

Cisco confirmed that it isn’t aware that the flaw has been exploited by hackers in the wild.

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CISCO WSA, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.