Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability
Description
An unauthenticated remote attacker can cause high CPU usage on Cisco ESA, WSA, and SMA by sending a malformed HTTP request to the web-based management interface, leading to a denial of service (DoS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA). It is due to improper validation of specific HTTP request headers. Affected versions: Cisco ESA and Cisco Cloud Email Security Release 13.0.0-392 and earlier; Cisco WSA Release 12.0.1-268 and earlier; Cisco SMA releases earlier than 13.6.0. [1]
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a malformed HTTP request to an affected device. No authentication or user interaction is required. The malformed request triggers a prolonged period of high CPU utilization by the GUI process(es). [1]
Impact
Successful exploitation results in a denial of service (DoS) condition where the device's response time and overall performance are degraded due to high CPU usage. The device remains operative but experiences significant performance degradation. [1]
Mitigation
Cisco has released fixed software versions to address this vulnerability. No workarounds are available. For ESA, upgrade to 13.0.0-392 or later; for WSA, upgrade to 12.0.1-268 or later; for SMA, upgrade to 13.6.0 or later. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Range: unspecified
References (1)
- [1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cont-sec-gui-dos-nJ625dXb (mitre, vendor-advisory, x_refsource_CISCO)