Vigil@nce - Cisco FWSM: denial of service via cut-through proxy
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An unauthenticated attacker can use the cut-through proxy feature
of Cisco FWSM, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS, Cisco Router xx00 Series
Severity: 2/4
Creation date: 19/02/2014
DESCRIPTION OF THE VULNERABILITY
The Cisco FWSM module supports the "cut-through proxy" feature for
AAA.
However, an unauthenticated attacker can trigger an error in the
memory processing. Technical details are unknown.
An unauthenticated attacker can therefore use the cut-through
proxy feature of Cisco FWSM, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-FWSM-denial-of-service-via-cut-through-proxy-14282