Skip to main content

Asyncos CVE-2021-34698

HIGH
Memory Leak (CWE-401)
2021-10-06 psirt@cisco.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 06, 2021 - 20:15 nvd
HIGH 7.5

DescriptionNVD

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation.

AnalysisAI

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. Affected products include: Cisco Asyncos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.

CVE-2022-20868 HIGH
8.8 Nov 04

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Mana

CVE-2021-1359 HIGH
8.8 Jul 08

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an a

CVE-2019-15956 HIGH
8.8 Nov 26

A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could a

CVE-2019-1886 HIGH
8.6 Jul 04

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, re

CVE-2024-20383 HIGH
8.4 May 15

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager c

CVE-2024-20435 HIGH
7.8 Jul 17

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to exe

CVE-2020-3367 HIGH
7.8 Nov 18

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Secu

CVE-2018-0095 HIGH
7.8 Jan 18

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Securit

CVE-2016-1461 HIGH
7.5 Aug 01

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware dete

CVE-2016-1438 HIGH
7.5 Jun 23

Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filter

CVE-2022-20653 HIGH
7.5 Feb 17

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS S

CVE-2021-34741 HIGH
7.5 Nov 04

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could

Share

CVE-2021-34698 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy