CVE-2018-0353

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance (WSA) versions 10.5.1 through 11.0.0

Description A vulnerability in traffic-monitoring functions could allow an unauthenticated, remote attacker to bypass security protections by circumventing Layer 4 Traffic Monitor (L4TM) functionality. This is due to a change in the underlying operating system software responsible for monitoring affected traffic. An attacker could exploit this by sending crafted IP packets to an affected device, potentially allowing them to pass traffic through the device that the WSA was configured to deny. This issue affects both IPv4 and IPv6 traffic.

Recommendations For Cisco Web Security Appliance (WSA) versions 10.5.1 through 11.0.0, consider disabling the Layer 4 Traffic Monitor (L4TM) functionality as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.