—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability
Advisory ID: cisco-sa-20180606-wsa
Revision: 1.0
For Public Release: 2018 June 6 16:00 GMT
Last Updated: 2018 June 6 16:00 GMT
CVE ID(s): CVE-2018-0353
CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+———————————————————————
Summary
=======
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections.
The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbGAY9XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcztWsP/0imZyZP+CJR1kerfdfWVNRqn1/f
bIdiaOyRsKosTbdG1aqDU+LtZmrxl/rOFX4NsAG0LZCsb6f7uoJN8HzhXztWi+nR
DyYoviG/oWAdsKIjgYyJlF6hd/bMKqa3zLWkJTRGa96ozQjCu9pyR2hGfeU15OJs
bI0RL/aRjnnMyoYA0H0YgTsNDnZrbk01sgyAFYHoNYXc6fIhqoJaRQaxZACEEvlv
i4JZUbrGpELjTrLZ/JKvozvoYbgrGyeNyrD1Cmh7/d8llzWcijvjyodtOLcAUZ2w
zBuxai/YHXT00GuzFbV/FRwNvtOXT/1On4OGV4h3YfOH1pjM4MfuEwUW6iCvOme5
BvJu4y8N/7UlzYhb6djbgi5ogr1/QGiqQrIHd7IbInTfZL1ZqXmfKj3r7dhCuLw3
8loKRIRF78Dn1FP/AOfwjU3wDxh0y1Y16gRqS1G6HArL3NFX50herzsARWvy118v
ws8i3K7k7OCjEkumWof4KF92rm1kzLNmF59nflEOtzZ2pCM6Hc3kwB7i5h/syUo4
Qvq1LB7rRbisRVw1+Kdcecogs69AgYprnggSJ9QsXgLElMSBETAzr2Yz4jog4M1y
zUFwEoog4uoDOR0h5iUp7jAOAWolUCGOIvJ6SSgZeu2MbKVcbdcOtWbj/gl1IgpZ
wbhTWI86pGTErlkH
=Gqic
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com