DoS vector for e-mail, content and Web appliances
10 Nov 2015 at 04:00, Richard ChirgwinCisco has announced a patch for a high-severity bug in the AsyncOS that runs a bunch of its security appliances.
The operating system underneath its Email Security Appliance (ESA), Content Security Management Appliance (SMA) and Web Security Appliance (WSA) can be hosed by sending them crafted TCP packets at a high enough rate, the company says.
The vulnerability "could allow an unauthenticated, remote attacker to exhaust all available memory", the company says. "An attacker could exploit this vulnerability by sending crafted TCP packets to the affected system."
Full Article