Are You Using CISCO WSA Security Appliance? It is Vulnerable to DoS Attacks!

â€œCISCO WSAâ€ is a well-known Web Security Appliance of CISCO and it is using AsyncOS operating system to run itself. This operating system have a number of vulnerabilities which are allowing hackers to perform DoS (Denial of Service) attacks on it. To fix these security issues, an update has been released by CISCO.

Â

Here is a list of those vulnerabilities:

Â

The first vulnerability CVE-2016-1380 is related to improper Input Validation. This vulnerability is present in the request sending method of AsyncOS operating system. When AsyncOS operating system sends POST method request through HTTP protocol, an attacker could remotely hijack this process by using proxy. All this could happen due to those packets, which will send POST request to CISCO WSA through HTTP protocol. This is a high risk vulnerability.

Â

The second vulnerability CVE-2016-1381 is related to the cache memory of AsyncOS operating system. This security issue could be a reason of DoS attack, due to its file-range request method, which it used to send requests for cached files. Hackers could remotely exploit this vulnerability by creating more than one connections with that device, which is infected with this security issue. WSA stops doing work in front of that flood of traffic. This vulnerability also got high risk ranking.

Â

Â

The third vulnerability CVE-2016-1382 is related to automatically proxy process. A hacker could remotely exploit this vulnerability by sending a specially crafted HTTP request. The AsyncOS operating system, used by CISCO WSA do not check the header of HTTP request properly. Therefore by sending a malicious coded HTTP request to infected device, DoS attack is possible. This is a high risk vulnerability.

Â

The last but not least vulnerability CVE-2016-1383 is related to Operating System AsyncOS. It is related to the method of handling response of HTTP requests, which AsyncOS is using. A hacker could remotely exploit this vulnerability by sending a specially crafted HTTP request, which contains data in very large amount as compared to a normal HTTP request. These security issues are infecting all versions of CISCO WSA devices.

CISCO released a security update to fix these vulnerabilities in all versions of AsyncOS. If you are using WSA Web Security Appliances, update all of that as soon as possible.

Â