Preview Tool

Cisco Bug: CSCuq59708 - SSTE: Crash seen at l4f_set_tcp_option on passing malformed packets

Last Modified

Jul 03, 2020

Products (1)

  • Cisco 3G Wireless WAN

Known Affected Releases


Description (partial)

A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition.

To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of ''High.'' For a complete list of advisories and links to them, see Cisco Event Response: Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled

See Advisory.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.