Key Information

Vulnerability Title: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
Severity: High
CVE ID: CVE-2015-6292
CWE ID: CWE-399
CVSS: Base 7.8, Temporal 6.4
Release Date:
- First Published: November 4, 2015, 16:00 GMT
- Last Updated: November 20, 2015, 17:48 GMT
Affected Products: Cisco AsyncOS Software versions 8.0 through 8.8 for Cisco Web Security Appliance (WSA) on both virtual and hardware appliances.

Vulnerability Description: A vulnerability in the proxy cache functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the device runs out of system memory. The vulnerability is due to improper memory operations by the affected software. The software fails to free a memory object when it retrieves data from the proxy server cache to terminate a TCP connection. An attacker could exploit this vulnerability by opening many proxy connections through the WSA. An exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is leaked.

Mitigation: Customers are advised to consult the Cisco Security Advisories and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution. Further related security advisories and vulnerability details can be accessed via the provided link.
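To check an appliance inventory against the affected range stated above (AsyncOS 8.0 through 8.8), the following added example, which is not part of Cisco's advisory, classifies each version string numerically so that a release such as 8.10 is not mistaken for one below 8.8. The `hostname,version` inventory format, the `major.minor[.maintenance][-build]` version shape and all sample hosts and builds are assumptions constructed for illustration; the page names no fixed release, so an `in-range` result means the build should be reviewed against the advisory.

```python
import re

# Affected range stated in the advisory: AsyncOS for WSA 8.0 through 8.8.
AFFECTED_MIN = (8, 0)
AFFECTED_MAX = (8, 8)

# Assumed version shape: major.minor[.maintenance][-build], e.g. "8.5.3-055".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)?(?:-\d+)?\s*$")


def parse_release(version):
    """Return (major, minor) as integers, or None if the string is not a version."""
    m = _VERSION_RE.match(version)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


def classify(version):
    """Classify one version string as 'in-range', 'out-of-range' or 'unknown'."""
    release = parse_release(version)
    if release is None:
        return "unknown"  # unparseable: needs a manual check, not a pass
    # Tuple comparison is numeric, so (8, 10) sorts above (8, 8).
    if AFFECTED_MIN <= release <= AFFECTED_MAX:
        return "in-range"
    return "out-of-range"


def triage(inventory_text):
    """Map hostname -> classification for 'hostname,version' lines."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample inventory; hostnames and builds are made up.
SAMPLE_INVENTORY = """\
wsa-edge-01,8.5.3-055
wsa-edge-02,8.8.0-085
wsa-lab-01,7.7.5-835
wsa-virt-01,8.10.1-012
wsa-old-01,unknown
"""
```
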