Vulnerability Details : CVE-2015-6292
The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-6292
Probability of exploitation activity in the next 30 days: 0.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-6292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2015-6292
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6292
-
http://www.securitytracker.com/id/1034062
Cisco Web Security Appliance AsyncOS Proxy Cache Lets Remote Users Consume Excessive Memory Resources - SecurityTracker
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1
Cisco Web Security Appliance Cache Reply Denial of Service VulnerabilityVendor Advisory
Products affected by CVE-2015-6292
- cpe:2.3:a:cisco:web_security_appliance:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:8.5.0.000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:8.0.5:hp1:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:8.0.6-119:*:*:*:*:*:*:*