Cisco Wide Area Application Services TCP Fragment Denial of Service Vulnerability
The vulnerability is due to incomplete input validation of TCP packets when a packet chain is fragmented. An attacker could exploit this vulnerability by sending a crafted set of TCP fragments through an affected device. An exploit could allow the attacker to cause a DoS condition due to a process restarting unexpectedly. The WAAS could drop traffic during the brief time that the WAASNET process is restarting.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2sTJbO6
Security Impact Rating: Medium
CVE: CVE-2017-6721
from Cisco Security Advisory http://ift.tt/2sTJbO6