2016 m. sausio 28 d., ketvirtadienis

Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability

Cisco Wide Area Application Service CIFS Denial of Service Vulnerability

Advisory ID: cisco-sa-20160127-waascifs

Revision 1.0

For Public Release 2016 January 27 16:00 UTC (GMT)

+-----------------------------------------------------------
----------

Summary
=======

A vulnerability in the Common Internet File System (CIFS) optimization
feature of the Cisco Wide Area Application Service (WAAS) device could
allow an unauthenticated, remote attacker to perform a resource
consumption attack which, could result in a complete denial of service
(DoS) condition.

The vulnerability is due to insufficient flow handling of incoming CIFS
traffic. An attacker could exploit this vulnerability by sending
malicious traffic designed to trigger the vulnerability. An exploit
could allow the attacker to cause a DoS condition by exhausting system
buffering resources, resulting in a reload of the affected device.


This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs
Pranešimą parašė ties

Komentarų nėra:

Rašyti komentarą

Užsisakykite: Rašyti komentarus (Atom)