CVE-2021-34698: Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability
First published: Wed Oct 06 2021(Updated: )
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS | >=12.0<12.0.3-005 | |
| Cisco AsyncOS | >=12.5<12.5.2-007 | |
| Cisco AsyncOS | >=14.0<14.0.1-014 | |
| Cisco Web Security Appliance S170 | ||
| Cisco Web Security Appliance S190 | ||
| Cisco Web Security Appliance S380 | ||
| Cisco Web Security Appliance S390 | ||
| Cisco Web Security Appliance S680 | ||
| Cisco Web Security Appliance S690 | ||
| Cisco Web Security Appliance S690x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34698?
CVE-2021-34698 is a vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) that could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device.
How does CVE-2021-34698 affect Cisco AsyncOS?
CVE-2021-34698 affects Cisco AsyncOS versions 12.0 to 12.0.3-005, 12.5 to 12.5.2-007, and 14.0 to 14.0.1-014.
What is the severity of CVE-2021-34698?
CVE-2021-34698 has a severity rating of 7.5 (high).
How can an attacker exploit CVE-2021-34698?
An unauthenticated, remote attacker can exploit CVE-2021-34698 by sending specially crafted requests to the affected Cisco Web Security Appliance (WSA), which could exhaust system memory and cause a denial of service (DoS) condition.
How can I fix CVE-2021-34698?
To fix CVE-2021-34698, it is recommended to upgrade to a fixed version of Cisco AsyncOS for Cisco Web Security Appliance (WSA). Refer to the Cisco security advisory for more details and instructions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco asyncos
- version/cisco asyncos/12.0
- version/cisco asyncos/12.5
- version/cisco asyncos/14.0
- canonical/cisco web security appliance s170
- canonical/cisco web security appliance s190
- canonical/cisco web security appliance s380
- canonical/cisco web security appliance s390
- canonical/cisco web security appliance s680
- canonical/cisco web security appliance s690
- canonical/cisco web security appliance s690x