The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability note CVE-2017-3793

Cisco ASA: denial of service via TCP

Summary of the vulnerability

An attacker can send out-of-order TCP packets of specially chosen sizes to a device running Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Creation date: 20/04/2017.
Identifiers: CERTFR-2017-AVI-127, cisco-sa-20170419-asa-norm, CVE-2017-3793, VIGILANCE-VUL-22514.

Description of the vulnerability

The Cisco ASA product implements quota management for TCP packet reordering.

However, for some packet sizes, an error in memory management leads to memory exhaustion.

An attacker can therefore send out-of-order TCP packets of specially chosen sizes to a device running Cisco ASA, in order to trigger a denial of service.