Guest

Preview Tool

Cisco Bug: CSCuq68888 - Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability

Last Modified

May 11, 2017

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(7.3)

Description (partial)

Symptoms:
Crafted HTTP request may cause the 64K Blocks depletion

Conditions:
webvpn needs to be enabled. This can be verified by doing show run webvpn and checking if webvpn enable command is present.
Block depletion can be checked by executing show block at regular interval
 
The following syslog is created when the memory block goes below the acceptable threashold
ASA-3-321007: System is low on free memory blocks of size 65536 (0 CNT out of 16 MAX)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.