Vulnerabilities related to cisco - wide_area_application_services
Vulnerability from fkie_nvd
Published
2015-05-16 14:59
Modified
2025-04-12 10:46
Severity
Summary
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=38865 | Vendor Advisory | |
psirt@cisco.com | http://www.securitytracker.com/id/1032339 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=38865 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032339 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 6.0\(1\) |
CVE ID: CVE-2015-0730
CVSS v2: 5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:N/A:P (exploitability 10.0, impact 2.9; nvd@nist.gov, Primary)
Weakness: CWE-20 (nvd@nist.gov, Primary)
Status: Deferred
Vulnerability from fkie_nvd
Published
2017-09-21 05:29
Modified
2025-04-20 01:37
Severity
Summary
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/100928 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1039415 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100928 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039415 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 6.2\(3a\) |
CVE ID: CVE-2017-12250
CVSS v2: 5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:N/A:P (exploitability 10.0, impact 2.9; nvd@nist.gov, Primary)
CVSS v3.0: 5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (exploitability 3.9, impact 1.4; nvd@nist.gov, Primary)
Weakness: CWE-399 (psirt@cisco.com, Secondary); CWE-20 (nvd@nist.gov, Primary)
Status: Deferred
Vulnerability from fkie_nvd
Published
2017-10-05 07:29
Modified
2025-04-20 01:37
Severity
Summary
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/101176 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101176 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | virtual_wide_area_application_services | 6.2\(3b\) | |
cisco | wide_area_application_services | 6.2\(3b\) |
CVE ID: CVE-2017-12267
CVSS v2: 5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:N/A:P (exploitability 10.0, impact 2.9; nvd@nist.gov, Primary)
CVSS v3.0: 5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (exploitability 3.9, impact 1.4; nvd@nist.gov, Primary)
Weakness: CWE-119 (psirt@cisco.com, Secondary); CWE-119 (nvd@nist.gov, Primary)
Status: Deferred
Vulnerability from fkie_nvd
Published
2021-05-06 13:15
Modified
2024-11-21 05:44
Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | * |
Affected versions: up to and including 6.4.5a
CVE ID: CVE-2021-1438
CVSS v2: 2.1 (Low) - AV:L/AC:L/Au:N/C:P/I:N/A:N (exploitability 3.9, impact 2.9; nvd@nist.gov, Primary)
CVSS v3.1: 5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (exploitability 1.8, impact 3.6; psirt@cisco.com, Secondary and nvd@nist.gov, Primary)
Weakness: CWE-668 (psirt@cisco.com, Primary)
Status: Modified
Vulnerability from fkie_nvd
Published
2014-05-29 17:55
Modified
2025-04-12 10:46
Severity
Summary
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://secunia.com/advisories/58806 | Permissions Required | |
psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285 | Vendor Advisory | |
psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=34395 | Vendor Advisory | |
psirt@cisco.com | http://www.securityfocus.com/bid/67696 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1030307 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58806 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=34395 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67696 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030307 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | * | |
cisco | wide_area_application_services | 5.1 | |
cisco | wide_area_application_services | 5.1\(.1\) | |
cisco | wide_area_application_services | 5.1\(.1a\) | |
cisco | wide_area_application_services | 5.1\(.1b\) | |
cisco | wide_area_application_services | 5.1\(.1c\) | |
cisco | wide_area_application_services | 5.1\(.1d\) | |
cisco | wide_area_application_services | 5.1\(.1e\) | |
cisco | wide_area_application_services | 5.1\(.1f\) | |
cisco | wide_area_application_services | 5.2 | |
cisco | wide_area_application_services | 5.2\(.1\) | |
cisco | wide_area_application_services | 5.3 | |
cisco | wide_area_application_services | 5.3\(.1\) | |
cisco | wide_area_application_services | 5.3\(.3\) | |
cisco | wide_area_application_services | 5.3\(.5\) |
Affected versions: up to and including 5.3(.5a)
CVE ID: CVE-2014-3285
CVSS v2: 5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:N/A:P (exploitability 10.0, impact 2.9; nvd@nist.gov, Primary)
Weakness: CWE-20 (nvd@nist.gov, Primary)
Status: Deferred
Vulnerability from fkie_nvd
Published
2017-05-03 21:59
Modified
2025-04-20 01:37
Severity
Summary
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/98294 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1038399 | | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98294 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038399 | | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 6.2.1 | |
cisco | wide_area_application_services | 6.2.1a | |
cisco | wide_area_application_services | 6.2.3a |
CVE ID: CVE-2017-6628
CVSS v2: 4.3 (Medium) - AV:N/AC:M/Au:N/C:N/I:N/A:P (exploitability 8.6, impact 2.9; nvd@nist.gov, Primary)
CVSS v3.0: 6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H (exploitability 2.2, impact 4.0; nvd@nist.gov, Primary)
Weakness: CWE-399 (psirt@cisco.com, Secondary); CWE-755 (nvd@nist.gov, Primary)
Status: Deferred
Vulnerability from fkie_nvd
Published
2012-08-06 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 4.4 | |
cisco | wide_area_application_services | 5.0 | |
cisco | wide_area_application_services | 5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD44B118-2134-4079-AC63-6E2E58C37A3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDB43C16-7F91-42BD-9C01-F292F0B966A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "334E11AD-C3D1-4814-90B9-F37254075AB3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279." }, { "lang": "es", "value": "Los aplicativos Cisco Wide Area Application Services (WAAS) con software v4.4, v5.0, y v5.1 incluye un hash de un solo sentido de una contrase\u00f1a sin salida de texto, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de ataques de fuerza bruta sobre la cadena hash, tambi\u00e9n conocido como Bug ID CSCty17279." 
} ], "id": "CVE-2012-1348", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-06T18:55:00.930", "references": [ { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-04 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22).
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/99200 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1038747 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99200 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038747 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 6.3\(1\) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "9E9E1287-58BF-4799-85F5-270658D84083", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22)." }, { "lang": "es", "value": "Una vulnerabilidad en el procesamiento de ingreso de paquetes TCP fragmentados por Wide Area Application Services (WAAS) de Cisco, podr\u00eda permitir a un atacante remoto no identificado causar que el proceso WAASNET se reinicie inesperadamente, causando una condici\u00f3n de denegaci\u00f3n de servicio (DoS). M\u00e1s informaci\u00f3n: CSCvc57428. Versiones Afectadas Conocidas: 6.3(1). Versiones Fijas Conocidas: 6.3(0.143) 6.2(3c) 6 6.2(3.22)." 
} ], "id": "CVE-2017-6721", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-04T00:29:00.680", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99200" }, { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038747" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-20 03:15
Modified
2024-11-21 04:37
Severity ?
4.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108863 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108863 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 5.5\(7\) | |
cisco | wide_area_application_services | 6.1\(1\) | |
cisco | wide_area_application_services | 6.4\(3b\) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.5\\(7\\):*:*:*:*:*:*:*", "matchCriteriaId": "EB9CB497-9C85-452A-B7E1-F3CB76396A1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "729A2A6D-E9F9-4FAC-9FBB-DDD1810E08BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.4\\(3b\\):*:*:*:*:*:*:*", "matchCriteriaId": "BA4D5F6B-B677-4BF9-8098-8E1314920164", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies." }, { "lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n proxy HTTPS del software Wide Area Application Services (WAAS) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado utilizar el Administrador Central como un proxy HTTPS. Una vulnerabilidad es debido a una autenticaci\u00f3n insuficiente de las peticiones de conexi\u00f3n de proxy. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un mensaje malicioso de CONEXI\u00d3N HTTPS al Administrador Central. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante acceder a recursos p\u00fablicos de Internet que estar\u00edan bloqueados normalmente por las pol\u00edticas corporativas." 
} ], "id": "CVE-2019-1876", "lastModified": "2024-11-21T04:37:35.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-20T03:15:12.167", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108863" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "psirt@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-27 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 5.3.1 | |
cisco | wide_area_application_services | 5.3.3 | |
cisco | wide_area_application_services | 5.3.5 | |
cisco | wide_area_application_services | 5.3.5a | |
cisco | wide_area_application_services | 5.3.5b | |
cisco | wide_area_application_services | 5.3.5c | |
cisco | wide_area_application_services | 5.3.5d | |
cisco | wide_area_application_services | 5.3.5e | |
cisco | wide_area_application_services | 5.3.5f | |
cisco | wide_area_application_services | 6.1.0 | |
cisco | wide_area_application_services | 6.1.1 | |
cisco | wide_area_application_services | 6.2.1 | |
cisco | wide_area_application_services | 6.2.1a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "42AE57F9-A8CB-4B16-9E0E-0214472A5965", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B91434B8-5A74-4A35-98BE-DE29315BD6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A2A6770-320F-4D57-B730-9B00CD2C1CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*", "matchCriteriaId": "595C3309-19F5-411D-97D2-E0E162623BF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*", "matchCriteriaId": "D69269F3-CD7E-48C4-8EF3-3AB019F0D8B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*", "matchCriteriaId": "0EC3F275-173F-4E95-A8A7-7A0142DC24DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5d:*:*:*:*:*:*:*", "matchCriteriaId": "A34DCC03-91F1-4894-9348-39FBFA7E7296", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5e:*:*:*:*:*:*:*", "matchCriteriaId": "F6381E3F-F727-436B-8999-6CDFC64AE372", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5f:*:*:*:*:*:*:*", "matchCriteriaId": "5F7147FD-908D-4710-BA1F-4D34F5DC4EE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2006878-8AE8-4862-9C0C-11A5D8881392", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A0FF4E7-67C4-4CCB-9F65-BEFB8ECD9A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"824B8C4F-EE4C-4654-BA85-B9AB68BF4491", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2.1a:*:*:*:*:*:*:*", "matchCriteriaId": "F29DEA22-F270-44C9-8A6D-F7563A4AE6A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32)." }, { "lang": "es", "value": "Una vulnerabilidad en la gesti\u00f3n de la cach\u00e9 de sesi\u00f3n SSL de Cisco Wide Area Application Services (WAAS) podr\u00eda permitir a un atacante remoto no autenticado provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) debido a un consumo alto de espacio del disco. El usuario ver\u00e1 una degradaci\u00f3n de rendimiento. M\u00e1s informaci\u00f3n: CSCva03095. Lanzamientos conocidos afectados: 5.3(5), 6.1(1), 6.2(1). Lanzamientos conocidos solucionados: 5.3(5g)1, 6.2(2.32)." 
} ], "id": "CVE-2016-6437", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-27T21:59:08.733", "references": [ { "source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/93524" }, { "source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1037002" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 00:25
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas | Vendor Advisory | |
psirt@cisco.com | http://www.securitytracker.com/id/1030265 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030265 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 5.1.1 | |
cisco | wide_area_application_services | 5.1.1 | |
cisco | wide_area_application_services | 5.1.1 | |
cisco | wide_area_application_services | 5.1.1 | |
cisco | wide_area_application_services | 5.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BB7F3B8-82D6-43CF-A94D-435BE14EE080", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:a:*:*:*:*:*:*", "matchCriteriaId": "0CE19FB0-0235-4B62-ACFE-50BD8B135E65", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:b:*:*:*:*:*:*", "matchCriteriaId": "B4087380-469A-4B09-BD1D-7792671E3A99", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:c:*:*:*:*:*:*", "matchCriteriaId": "3C26CBF6-F5A9-4663-A2DC-30F71B493AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:d:*:*:*:*:*:*", "matchCriteriaId": "0E227D06-A57C-457C-B8AC-1A949DB9484F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479." }, { "lang": "es", "value": "Cisco Wide Area Application Services (WAAS) 5.1.1 anterior a 5.1.1e, cuando optimizaci\u00f3n de pre-captura SharePoint est\u00e1 habilitada, permite a servidores SharePoint remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta malformada, tambi\u00e9n conocido como Bug ID CSCue18479." 
} ], "id": "CVE-2014-2196", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T00:25:31.157", "references": [ { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas" }, { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030265" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-27 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_services | 5.1.1 | |
cisco | wide_area_application_services | 5.1.1a | |
cisco | wide_area_application_services | 5.1.1b | |
cisco | wide_area_application_services | 5.1.1c | |
cisco | wide_area_application_services | 5.1.1d | |
cisco | wide_area_application_services | 5.2.1 | |
cisco | wide_area_application_services | 5.2_base | |
cisco | wide_area_application_services | 5.3.1 | |
cisco | wide_area_application_services | 5.3.3 | |
cisco | wide_area_application_services | 5.3.5 | |
cisco | wide_area_application_services | 5.3.5a | |
cisco | wide_area_application_services | 5.3.5b | |
cisco | wide_area_application_services | 5.3.5c |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BB7F3B8-82D6-43CF-A94D-435BE14EE080", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1a:*:*:*:*:*:*:*", "matchCriteriaId": "EF667608-4278-4AD2-8E5B-92EFC22E8B3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1b:*:*:*:*:*:*:*", "matchCriteriaId": "3F30FD1A-2D2E-402E-8742-25C40AA784BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1c:*:*:*:*:*:*:*", "matchCriteriaId": "5AAB106B-1066-44F0-9DA3-B40D728521F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1d:*:*:*:*:*:*:*", "matchCriteriaId": "F60B2C86-95FD-492E-83A7-2BD142F6ECDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "68680768-01A3-4A1C-AAA6-2C6AF836380D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.2_base:*:*:*:*:*:*:*", "matchCriteriaId": "7823BA31-48F6-4D55-A986-32B0CC1361EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "42AE57F9-A8CB-4B16-9E0E-0214472A5965", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B91434B8-5A74-4A35-98BE-DE29315BD6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A2A6770-320F-4D57-B730-9B00CD2C1CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*", "matchCriteriaId": "595C3309-19F5-411D-97D2-E0E162623BF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*", "matchCriteriaId": 
"D69269F3-CD7E-48C4-8EF3-3AB019F0D8B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*", "matchCriteriaId": "0EC3F275-173F-4E95-A8A7-7A0142DC24DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330." }, { "lang": "es", "value": "cifs-ao en la funcionalidad de optimizaci\u00f3n CIFS en dispositivos Cisco Wide Area Application Service (WAAS) y Virtual WAAS (vWAAS) 5.x en versiones anteriores a 5.3.5d y 5.4 y 5.5 en versiones anteriores a 5.5.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de recursos y recarga de dispositivo) a trav\u00e9s de tr\u00e1fico de red manipulado, tambi\u00e9n conocida como Bug ID CSCus85330." 
} ], "id": "CVE-2015-6421", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-27T22:59:01.363", "references": [ { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs" }, { "source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1034831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034831" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:38
Summary
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/104464 | Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id/1041077 | Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104464 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041077 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
cisco | wide_area_application_services | 6.2\(3\)
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "8A5BB7A1-FB47-4BB7-AC5A-199345BADC84", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673." }, { "lang": "es", "value": "Una vulnerabilidad en Disk Check Tool (disk-check.sh) en el software Cisco Wide Area Application Services (WAAS) podr\u00eda permitir que un atacante local autenticado eleve sus privilegios a nivel root. El atacante debe tener credenciales de usuario v\u00e1lidas con privilegios de superusuario (nivel 15) para poder iniciar sesi\u00f3n en el dispositivo. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de archivos de script que se ejecutan en el contexto de Disk Check Tool. Un atacante podr\u00eda explotar esta vulnerabilidad reemplazando un archivo de script por otro malicioso mientras la herramienta afectada se est\u00e1 ejecutando. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante obtenga privilegios de nivel root y obtenga el control total del dispositivo. Cisco Bug IDs: CSCvi72673." 
} ], "id": "CVE-2018-0352", "lastModified": "2024-11-21T03:38:02.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-07T21:29:00.760", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104464" }, { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041077" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "psirt@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-05 07:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472.
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/101180 | Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101180 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
cisco | wide_area_application_services | -
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "77C3321F-C785-42BA-BD47-4CEFF29DA014", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472." }, { "lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica Akamai Connect de Cisco Wide Area Application Services (WAAS) Appliances podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a ciertas ineficiencias a la hora de gestionar archivos del sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que los sistemas cliente accedan a un archivo corrupto que los sistemas cliente no pueden descomprimir correctamente. Con el exploit adecuado, el atacante podr\u00eda provocar que el dispositivo afectado se cierre o se bloquee inesperadamente. Esto conducir\u00eda a una condici\u00f3n DoS que podr\u00eda necesitar de una intervenci\u00f3n manual para recuperar las condiciones normales de operatividad. Cisco Bug IDs: CSCve82472." 
} ], "id": "CVE-2017-12256", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-05T07:29:00.403", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101180" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": 
"psirt@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-10 20:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22).
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/99483 | Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id/1038824 | Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99483 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038824 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
cisco | wide_area_application_services | 6.2\(3a\)
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2\\(3a\\):*:*:*:*:*:*:*", "matchCriteriaId": "3C1C2B85-1129-49EA-9414-F44B7A911D84", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)." }, { "lang": "es", "value": "Una vulnerabilidad en el protocolo Server Message Block (SMB) de Cisco Wide Area Application Services (WAAS) podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esto se debe a que un proceso se reinicia inesperadamente y crea archivos de volcado de memoria. M\u00e1s informaci\u00f3n:\tCSCvc63035.\tVersiones afectadas conocidas: 6.2(3a). Versiones corregidas conocidas:\t6.3(0.167) 6.2(3c)5 6.2(3.22)." 
} ], "id": "CVE-2017-6727", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-10T20:29:00.453", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99483" }, { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038824" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/104590 | Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id/1041078 | Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104590 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041078 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
cisco | wide_area_application_services | 6.2\(3\)
cisco | wide_area_application_services | 6.4\(1\)
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "8A5BB7A1-FB47-4BB7-AC5A-199345BADC84", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.4\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "F5EFC9CC-FB72-4F16-92B4-73CDC6AED81F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration (\u0027running-config\u0027) or the startup configuration (\u0027startup-config\u0027). Cisco Bug IDs: CSCvi40137." }, { "lang": "es", "value": "Una vulnerabilidad en la configuraci\u00f3n por defecto de la caracter\u00edstica SNMP (Simple Network Management Protocol) del software Cisco Wide Area Application Services (WAAS) podr\u00eda permitir que un atacante remoto no autenticado lea datos de un dispositivo afectado mediante SNMP. La vulnerabilidad se debe a una cadena de comunidad embebida y de solo lectura en el archivo de configuraci\u00f3n del demonio SNMP. Un atacante podr\u00eda explotar esta vulnerabilidad utilizando cadenas de comunidad en consultas SNMP versi\u00f3n 2c en un dispositivo afectado. 
Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante lea cualquier dato accesible mediante SNMP en el dispositivo afectado. Nota: Las credenciales est\u00e1ticas se definen en un archivo interno de configuraci\u00f3n y no son visibles en la configuraci\u00f3n actual de operaci\u00f3n (\"running-config\") o la configuraci\u00f3n de inicio (\"startup-config\"). Cisco Bug IDs: CSCvi40137." } ], "id": "CVE-2018-0329", "lastModified": "2024-11-21T03:37:59.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-07T21:29:00.353", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104590" }, { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041078" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "psirt@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-01 13:32
Modified
2025-04-11 00:51
Summary
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8A2CC13-7854-4AC2-8550-5CE56EC47371", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "18790F69-C8E4-4562-B327-11C3E3E3C344", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "60439F29-ED59-4A64-BA5C-BAD560F8EEF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3773CE5E-D27E-46A0-B2EC-4693747FCFD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A813F07A-0429-4C5F-B821-EDAB74B93072", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "563442F9-81B4-48C7-BF78-4993C870047E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FC96EADC-B910-4E8F-872B-9B418325B8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "CAD862F3-EA53-44D6-8646-E8C825CF239D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "826DB554-4F11-4FBD-AA4E-E86C6D100D72", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "2A0C914D-633E-47A2-95BB-B95E920E9556", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "C1327E35-DE7C-4A3B-8777-D9403EFE754A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.25:*:*:*:*:*:*:*", "matchCriteriaId": 
"13F3FE7E-4FCA-48C4-83FE-C0087DDAD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "F16FE683-E466-4023-8859-B56A3AD12648", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2A08E1E-D4AC-4021-AB43-8166F4EAD9A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:a:*:*:*:*:*:*", "matchCriteriaId": "093206E6-6D96-441C-A718-36827C2A3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:b:*:*:*:*:*:*", "matchCriteriaId": "839EFA10-529F-441D-87F0-1EDC6F40F731", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:c:*:*:*:*:*:*", "matchCriteriaId": "7F98A53E-DD8C-44E0-B138-B678A499FAD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:d:*:*:*:*:*:*", "matchCriteriaId": "B3A23B4B-3E6B-43A2-A1C4-D9A11FCC59AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB41F77E-D6C7-4E8D-8EF3-12451057F3D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:a:*:*:*:*:*:*", "matchCriteriaId": "AF1AECDF-4333-4705-97F6-8D0B091B6000", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:b:*:*:*:*:*:*", "matchCriteriaId": "1BF9647A-FDA1-48C2-80FE-430552D61638", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:a:*:*:*:*:*:*", "matchCriteriaId": "7D3E92F6-2FD5-45D1-A273-20C6E9970AC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:b:*:*:*:*:*:*", "matchCriteriaId": "E2D3596A-9E11-450C-807D-406BD0A1A806", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:wide_area_application_services:4.1.5:c:*:*:*:*:*:*", "matchCriteriaId": "B7C9941C-C1EC-4F49-893A-0D3AD7DE76E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:d:*:*:*:*:*:*", "matchCriteriaId": "A9D0FDCE-1B72-470D-B027-37FB5DCB8647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:e:*:*:*:*:*:*", "matchCriteriaId": "FE1C168B-65F8-449E-9EC8-6229EEDD3166", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:f:*:*:*:*:*:*", "matchCriteriaId": "A547E973-DE4B-4A39-A132-6FF9A663E91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:g:*:*:*:*:*:*", "matchCriteriaId": "BB483EDF-529B-4C21-9ADB-776430B24921", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "14FBC408-7B98-414E-AA8B-B9B644CEA4D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:a:*:*:*:*:*:*", "matchCriteriaId": "B0B1EF08-52EC-4B7E-80EA-A2C98C64D206", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:b:*:*:*:*:*:*", "matchCriteriaId": "AC53B795-F475-4306-87DD-D37EB9F19189", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E02CBEA1-34F1-4E21-8329-8BC11AC14C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C42C0832-1061-42DF-8F90-6EE69BD62E60", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:a:*:*:*:*:*:*", "matchCriteriaId": "ADF2B1A0-9D42-4E7C-A3E5-0AD35EEFEF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:b:*:*:*:*:*:*", "matchCriteriaId": 
"2A0D159D-818B-4E6D-B57F-BEBA9A27C805", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:c:*:*:*:*:*:*", "matchCriteriaId": "26830D5F-F5EA-4E91-BFAC-31F0D0A1229D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "651AD3E6-06AA-4AAD-802B-748E4FA2376C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9D6E0A1-AB8D-4F3D-B95B-0584785F75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4D0FB0B-E392-4535-BCD2-9BF485765B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.5:a:*:*:*:*:*:*", "matchCriteriaId": "203B4800-18F8-47E2-B6EB-03DB9B31608A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DEC1811-94D3-4BA3-B10E-07FE916B6022", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "1C954B9A-42A1-4B83-ABFB-69CFE9E8C6B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:a:*:*:*:*:*:*", "matchCriteriaId": "989B17E6-B366-4F38-A7AD-E0A37D1FFBAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:b:*:*:*:*:*:*", "matchCriteriaId": "9F622C2B-B6C3-48F8-BE2D-BBE3AF388F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:c:*:*:*:*:*:*", "matchCriteriaId": "2FD954CF-9C7C-4BC1-B847-E15BEA14B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A4612F9-4DFC-489B-83B9-FAA2D49CC740", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:a:*:*:*:*:*:*", "matchCriteriaId": "D7EA263B-CDA5-40BC-88AA-DFAA2C118C93", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:b:*:*:*:*:*:*", "matchCriteriaId": "346EDFB4-2519-4F8D-B260-AD1C476FB6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:c:*:*:*:*:*:*", "matchCriteriaId": "070C7194-4D9B-4DBD-93A9-1720746875CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:d:*:*:*:*:*:*", "matchCriteriaId": "93E106B4-3E58-4DDA-A3B1-DCF18CABA42A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "498970B4-AE0A-4B5B-B365-8F8320C7C860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0A96DA8-43BF-4D5D-97B5-1599B533FBC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5569334B-C66D-49EE-956E-8A6AD32532DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "D4C93313-B465-4530-9B67-782B40678228", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:c:*:*:*:*:*:*", "matchCriteriaId": "EF1DA0E6-3653-4903-B90E-07DDFA90CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:d:*:*:*:*:*:*", "matchCriteriaId": "B7473878-7A5A-4532-B268-207EA9A694E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BB7F3B8-82D6-43CF-A94D-435BE14EE080", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:wide_area_application_services:5.1.1:a:*:*:*:*:*:*", "matchCriteriaId": "0CE19FB0-0235-4B62-ACFE-50BD8B135E65", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:b:*:*:*:*:*:*", "matchCriteriaId": "B4087380-469A-4B09-BD1D-7792671E3A99", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "50EAC274-984F-4F3C-A129-E9864CA982B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626." }, { "lang": "es", "value": "El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1 con una configuraci\u00f3n como Central Manager (CM), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n POST manipulada. Aka Bug ID CSCuh26626." 
} ], "id": "CVE-2013-3443", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-01T13:32:30.387", "references": [ { "source": "psirt@cisco.com", "url": "http://osvdb.org/95877" }, { "source": "psirt@cisco.com", "url": "http://secunia.com/advisories/54367" }, { "source": "psirt@cisco.com", "url": "http://secunia.com/advisories/54372" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm" }, { "source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/61542" }, { "source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1028851" }, { "source": "psirt@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/95877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61542" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86121" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-10 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17.
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/99481 | Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id/1038825 | Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99481 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038825 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1 | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
cisco | wide_area_application_services | 4.4\(7\)
cisco | wide_area_application_services | 6.2\(1\)
cisco | wide_area_application_services | 6.2\(3\)
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4\\(7\\):*:*:*:*:*:*:*", "matchCriteriaId": "FACB0E71-4EE9-4B8C-971F-8C0AAC299E78", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1FB7741B-037F-480F-B90A-CB60055C1EDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "8A5BB7A1-FB47-4BB7-AC5A-199345BADC84", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz gr\u00e1fica de usuario web de Cisco Wide Area Application Services (WAAS) Central Manager podr\u00eda permitir que un atacante remoto no autenticado recupere informes completos de un sistema afectado. Esto tambi\u00e9n se conoce como divulgaci\u00f3n de informaci\u00f3n. 
Esta vulnerabilidad afecta a los siguientes productos si est\u00e1n ejecutando una versi\u00f3n afectada de Cisco Wide Area Application Services (WAAS) Software y est\u00e1n configurados para emplear la funci\u00f3n Central Manager: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Solo los productos Cisco WAAS que est\u00e1n configurados con el rol Central Manager se han visto afectados por esta vulnerabilidad.\nM\u00e1s informaci\u00f3n: CSCvd87574. Versiones afectadas conocidas: 4.4(7) 6.2(1) 6.2(3). Versiones corregidas conocidas: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17." } ], "id": "CVE-2017-6730", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-10T20:29:00.593", "references": [ { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/99481" }, { "source": "psirt@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038825" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-01 13:32
Modified
2025-04-11 00:51
Severity ?
Summary
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2A08E1E-D4AC-4021-AB43-8166F4EAD9A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:a:*:*:*:*:*:*", "matchCriteriaId": "093206E6-6D96-441C-A718-36827C2A3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:b:*:*:*:*:*:*", "matchCriteriaId": "839EFA10-529F-441D-87F0-1EDC6F40F731", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:c:*:*:*:*:*:*", "matchCriteriaId": "7F98A53E-DD8C-44E0-B138-B678A499FAD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:d:*:*:*:*:*:*", "matchCriteriaId": "B3A23B4B-3E6B-43A2-A1C4-D9A11FCC59AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB41F77E-D6C7-4E8D-8EF3-12451057F3D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:a:*:*:*:*:*:*", "matchCriteriaId": "AF1AECDF-4333-4705-97F6-8D0B091B6000", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:b:*:*:*:*:*:*", "matchCriteriaId": "1BF9647A-FDA1-48C2-80FE-430552D61638", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:a:*:*:*:*:*:*", "matchCriteriaId": "7D3E92F6-2FD5-45D1-A273-20C6E9970AC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:b:*:*:*:*:*:*", "matchCriteriaId": "E2D3596A-9E11-450C-807D-406BD0A1A806", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:c:*:*:*:*:*:*", "matchCriteriaId": "B7C9941C-C1EC-4F49-893A-0D3AD7DE76E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:d:*:*:*:*:*:*", "matchCriteriaId": 
"A9D0FDCE-1B72-470D-B027-37FB5DCB8647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:e:*:*:*:*:*:*", "matchCriteriaId": "FE1C168B-65F8-449E-9EC8-6229EEDD3166", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:f:*:*:*:*:*:*", "matchCriteriaId": "A547E973-DE4B-4A39-A132-6FF9A663E91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:g:*:*:*:*:*:*", "matchCriteriaId": "BB483EDF-529B-4C21-9ADB-776430B24921", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "14FBC408-7B98-414E-AA8B-B9B644CEA4D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:a:*:*:*:*:*:*", "matchCriteriaId": "B0B1EF08-52EC-4B7E-80EA-A2C98C64D206", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:b:*:*:*:*:*:*", "matchCriteriaId": "AC53B795-F475-4306-87DD-D37EB9F19189", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "651AD3E6-06AA-4AAD-802B-748E4FA2376C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9D6E0A1-AB8D-4F3D-B95B-0584785F75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4D0FB0B-E392-4535-BCD2-9BF485765B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.5:a:*:*:*:*:*:*", "matchCriteriaId": "203B4800-18F8-47E2-B6EB-03DB9B31608A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0A96DA8-43BF-4D5D-97B5-1599B533FBC1", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5569334B-C66D-49EE-956E-8A6AD32532DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "D4C93313-B465-4530-9B67-782B40678228", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:c:*:*:*:*:*:*", "matchCriteriaId": "EF1DA0E6-3653-4903-B90E-07DDFA90CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:d:*:*:*:*:*:*", "matchCriteriaId": "B7473878-7A5A-4532-B268-207EA9A694E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E02CBEA1-34F1-4E21-8329-8BC11AC14C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C42C0832-1061-42DF-8F90-6EE69BD62E60", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:a:*:*:*:*:*:*", "matchCriteriaId": "ADF2B1A0-9D42-4E7C-A3E5-0AD35EEFEF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:b:*:*:*:*:*:*", "matchCriteriaId": "2A0D159D-818B-4E6D-B57F-BEBA9A27C805", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:c:*:*:*:*:*:*", "matchCriteriaId": "26830D5F-F5EA-4E91-BFAC-31F0D0A1229D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DEC1811-94D3-4BA3-B10E-07FE916B6022", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "1C954B9A-42A1-4B83-ABFB-69CFE9E8C6B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:wide_area_application_services:4.4.3:a:*:*:*:*:*:*", "matchCriteriaId": "989B17E6-B366-4F38-A7AD-E0A37D1FFBAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:b:*:*:*:*:*:*", "matchCriteriaId": "9F622C2B-B6C3-48F8-BE2D-BBE3AF388F97", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:c:*:*:*:*:*:*", "matchCriteriaId": "2FD954CF-9C7C-4BC1-B847-E15BEA14B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A4612F9-4DFC-489B-83B9-FAA2D49CC740", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:a:*:*:*:*:*:*", "matchCriteriaId": "D7EA263B-CDA5-40BC-88AA-DFAA2C118C93", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:b:*:*:*:*:*:*", "matchCriteriaId": "346EDFB4-2519-4F8D-B260-AD1C476FB6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:c:*:*:*:*:*:*", "matchCriteriaId": "070C7194-4D9B-4DBD-93A9-1720746875CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:d:*:*:*:*:*:*", "matchCriteriaId": "93E106B4-3E58-4DDA-A3B1-DCF18CABA42A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "498970B4-AE0A-4B5B-B365-8F8320C7C860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BB7F3B8-82D6-43CF-A94D-435BE14EE080", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:a:*:*:*:*:*:*", "matchCriteriaId": "0CE19FB0-0235-4B62-ACFE-50BD8B135E65", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:b:*:*:*:*:*:*", "matchCriteriaId": 
"B4087380-469A-4B09-BD1D-7792671E3A99", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "50EAC274-984F-4F3C-A129-E9864CA982B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8A2CC13-7854-4AC2-8550-5CE56EC47371", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "18790F69-C8E4-4562-B327-11C3E3E3C344", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "60439F29-ED59-4A64-BA5C-BAD560F8EEF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3773CE5E-D27E-46A0-B2EC-4693747FCFD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A813F07A-0429-4C5F-B821-EDAB74B93072", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "563442F9-81B4-48C7-BF78-4993C870047E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FC96EADC-B910-4E8F-872B-9B418325B8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "CAD862F3-EA53-44D6-8646-E8C825CF239D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "826DB554-4F11-4FBD-AA4E-E86C6D100D72", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"2A0C914D-633E-47A2-95BB-B95E920E9556", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "C1327E35-DE7C-4A3B-8777-D9403EFE754A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "13F3FE7E-4FCA-48C4-83FE-C0087DDAD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "F16FE683-E466-4023-8859-B56A3AD12648", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D072C0DB-364E-4810-9C86-ABD93BD33308", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE5BCB2E-65A8-46D1-9DE6-BAF94C9D9083", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4C60E9F3-8FFA-4B72-B04D-4C53AC2004B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E437DB8D-E335-4A3D-9D83-EF4AD2B12324", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "09824600-59A2-4E09-8C14-982D2C32E40F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "C86A3647-12BC-4477-BC39-0E4BFAC13B5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "C31F2484-51A3-44DC-BC0F-1E1CCE017F0C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4896155-D1CE-4F9B-84CC-FF3EE3E4D5BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3230EB3-C218-4D68-9F57-6297B23BB878", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "47EB95E9-336D-45C2-AB70-3B6CA096338C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "99175A3D-AD50-4500-80DE-68FFF6FFD008", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "5DC46876-2362-4BFD-9A19-698B85C42F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "1D809176-DAFA-4E74-9038-8FF74BFA5A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "B1728237-7655-47DF-87FB-19F1FDA4F19F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E886A09-904C-45E9-BC6C-09CBB4F96A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "337049D5-B480-4C53-8E1C-42FE34668743", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.17.6:*:*:*:*:*:*:*", "matchCriteriaId": "306C91DD-CE70-4F8D-9CD2-BAF90BA954E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"8ABED70C-223F-4291-9F4A-2327267ADA9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "37E32E34-99CC-4944-B1D4-839DAB79ABE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6A493AAE-63AC-4341-B8FE-1308D614565E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "08087DDD-BC38-43D9-A137-679C6DC1C15E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "826F3764-3E20-4F35-823C-806738944FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "ABA4F3C7-2D67-4D77-84AC-A4AE8B1C302E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "4D2B0EE7-3088-458D-BF32-B00B5EDCA9AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "D218DB53-9F40-4301-B063-55533BE98291", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C7DC5428-DBBF-4EB2-BAD0-D5800A67049D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F5DE0F58-0D6B-4468-A05D-45D366C2D588", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "0E4AB5A5-771F-485C-968E-929CF70DFAC9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "565D9BCA-750C-49A7-99A3-6C981E4A1BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "C86239D2-0F86-4CA2-8012-4060E69551A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "69293F9D-B5FD-4E06-A8ED-D15B2636B7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "1602EDCE-0C5D-491E-B198-13A700F482A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DF5D9B6-893B-4C62-8270-A3810FAB25DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "46DE56D8-4F5A-41A9-A4AC-967060FC11B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "94D07D88-3E89-4F65-B8E8-120A482095EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "5E002861-3F4D-4C20-AC82-C88044753A7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2794C94A-3FE9-4254-9658-A7CF7AE37391", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "7F0F7037-89AC-4CE5-B7A1-79B5D4684A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.15.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"1819397A-AF3E-43E8-BB2D-077AC3A7DA80", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "441543F2-1ED4-4C44-AD72-0ED0D5100BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "E12C29A5-6D40-4E03-944D-BCD48F24B8C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "CA85CD2C-EA10-43A6-BC45-1C547551AFD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "C1AF80DF-6EA7-4874-975B-C71CC9E8F601", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "E9E7A6C0-2EDA-40D8-81C0-EA665FAA6F8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "6B9305CF-8509-4EA6-9A94-72C8140CFC56", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.29:*:*:*:*:*:*:*", "matchCriteriaId": "96CB429B-509F-4CD0-B1E9-3F43144BB66C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "613E7B34-5D64-4671-BB44-CBDC92ECAB2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "685DDE38-BA05-4491-943F-76A4049C0251", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "75A26A17-752A-4AD9-B256-2BBEDCFABE4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:internet_streamer_content_delivery_system:2.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "C18E2BA8-3181-4497-82F5-BB34DA224374", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:internet_streamer_content_delivery_system:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C469A25-D729-4A4A-AED1-B01C5382937B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:internet_streamer_content_delivery_system:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E857CA39-8814-4786-AB59-4D1FC2FA7E09", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_delivery_system_for_internet_streamer:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D402CF9-D717-4AAB-8F18-E2F9D4516AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_delivery_system_for_internet_streamer:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E2DA792-9F8A-483C-A0CA-C7541394617E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_delivery_system_for_internet_streamer:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BFDEF616-1774-4AB6-8272-3BE1FDB29CDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_delivery_system_origin_server:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C710807C-76F5-4543-B4A4-16BBB47EC7AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_distribution_suite_optimization_engine:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "99EE4E99-43FC-4BC3-A852-3E36933D09CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_distribution_suite_service_broker:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DFDDA1E-183D-4094-92CE-EB1F85EBDAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_distribution_suite_service_broker:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C3BF288-D7C6-4853-8811-49E0A2AA4738", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:videoscape_distribution_suite_service_broker:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "32C0BD20-8219-4AAB-9E48-489D74E80A39", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web framework in 
Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790." }, { "lang": "es", "value": "El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1; Cisco ACNS Software 4.x y 5.x anterior a 5.5.29.2; Cisco ECDS Software 2.x anterior a 2.5.6; Cisco CDS-IS Software 2.x anterior a 2.6.3.b50 y 3.1.x anterior a 3.1.2b54; Cisco VDS-IS Software 3.2.x anterior a 3.2.1.b9; Cisco VDS-SB Software 1.x anterior a 1.1.0-b96; Cisco VDS-OE Software 1.x anterior a 1.0.1; y Cisco VDS-OS Software 1.x en modo central-management, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios a\u00f1adiendo cadenas con valores modificados en los campos GUI. Aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, y CSCug56790." 
} ], "id": "CVE-2013-3444", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-01T13:32:30.397", "references": [ { "source": "psirt@cisco.com", "url": "http://secunia.com/advisories/54367" }, { "source": "psirt@cisco.com", "url": "http://secunia.com/advisories/54369" }, { "source": "psirt@cisco.com", "url": "http://secunia.com/advisories/54370" }, { "source": "psirt@cisco.com", "url": "http://secunia.com/advisories/54372" }, { "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" }, { "source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/61543" }, { "source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1028852" }, { "source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1028853" }, { "source": "psirt@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-21 00:30
Modified
2025-04-09 00:30
Summary
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | wide_area_application_engine | * | |
cisco | wide_area_application_engine_nm-wae-502 | * | |
cisco | wide_area_application_services | 4.0.7 | |
cisco | wide_area_application_services | 4.0.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:wide_area_application_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B05D957-4CD3-4489-B8AC-05DE3E8DC2D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:wide_area_application_engine_nm-wae-502:*:*:*:*:*:*:*:*", "matchCriteriaId": "02245BBD-6655-4604-B158-C71D28736754", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3773CE5E-D27E-46A0-B2EC-4693747FCFD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A813F07A-0429-4C5F-B821-EDAB74B93072", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445." }, { "lang": "es", "value": "La optimizaci\u00f3n Common Internet File System (CIFS)de Cisco Wide Area Application Services (WAAS) 4.0.7 y 4.0.9, tal y como se usa en Cisco WAE appliance y el m\u00f3dulo de red NM-WAE-502, cuando Edge Services est\u00e1 configurado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de servicio) mediante una indundaci\u00f3n de paquetes TCP SYN al puerto (1) 139 \u00f3 (2) 445." 
} ], "id": "CVE-2007-3923", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-21T00:30:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26122" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/36120" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24956" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1018416" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2572" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/36120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.securitytracker.com/id?1018416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-6421 (GCVE-0-2015-6421)
Vulnerability from cvelistv5
Published
2016-01-27 22:00
Modified
2024-08-06 07:22
CWE
- n/a
Summary
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:21.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034831", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034831" }, { "name": "20160127 Cisco Wide Area Application Service CIFS Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034831", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034831" }, { "name": "20160127 Cisco Wide Area Application Service CIFS Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034831", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034831" }, { "name": "20160127 Cisco Wide Area Application Service CIFS Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6421", "datePublished": "2016-01-27T22:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6730 (GCVE-0-2017-6730)
Vulnerability from cvelistv5
Published
2017-07-10 20:00
Modified
2024-08-05 15:41
CWE
- Information Disclosure Vulnerability
Summary
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17.
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Wide Area Application Services | Cisco Wide Area Application Services |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99481", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1" }, { "name": "1038825", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038825" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services" } ] } ], "datePublic": "2017-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "99481", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1" }, { "name": "1038825", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038825" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). 
Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "99481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99481" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1" }, { "name": "1038825", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038825" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6730", "datePublished": "2017-07-10T20:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:17.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12267 (GCVE-0-2017-12267)
Vulnerability from cvelistv5
Published
2017-10-05 07:00
Modified
2024-08-05 18:28
CWE
- CWE-119
Summary
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457.
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Wide Area Application Services | Cisco Wide Area Application Services |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101176", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101176" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services" } ] } ], "datePublic": "2017-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-07T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "101176", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101176" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "101176", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101176" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12267", "datePublished": "2017-10-05T07:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-08-05T18:28:16.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-0329 (GCVE-0-2018-0329)
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:05
CWE
- CWE-798
Summary
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Wide Area Application Services unknown | Cisco Wide Area Application Services unknown |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:21:15.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041078", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041078" }, { "name": "104590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104590" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-0329", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:43:47.888003Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T15:05:10.751Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services unknown", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services unknown" } ] } ], "datePublic": "2018-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. 
A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration (\u0027running-config\u0027) or the startup configuration (\u0027startup-config\u0027). Cisco Bug IDs: CSCvi40137." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-03T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1041078", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041078" }, { "name": "104590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104590" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services unknown", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services unknown" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. 
An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration (\u0027running-config\u0027) or the startup configuration (\u0027startup-config\u0027). Cisco Bug IDs: CSCvi40137." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-798" } ] } ] }, "references": { "reference_data": [ { "name": "1041078", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041078" }, { "name": "104590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104590" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0329", "datePublished": "2018-06-07T21:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-29T15:05:10.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-1876 (GCVE-0-2019-1876)
Vulnerability from cvelistv5
Published
2019-06-20 03:00
Modified
2024-11-21 19:20
Summary
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Wide Area Application Services (WAAS) | unspecified < 6.4(5.6)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:43.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190619 Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass" }, { "name": "108863", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108863" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1876", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-21T18:58:03.208454Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T19:20:59.757Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services (WAAS)", "vendor": "Cisco", "versions": [ { "lessThan": "6.4(5.6)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies." 
} ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-24T06:06:03", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190619 Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass" }, { "name": "108863", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108863" } ], "source": { "advisory": "cisco-sa-20190619-waas-authbypass", "defect": [ [ "CSCvo13639" ] ], "discovery": "INTERNAL" }, "title": "Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-06-19T16:00:00-0700", "ID": "CVE-2019-1876", "STATE": "PUBLIC", "TITLE": "Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services (WAAS)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", 
"version_value": "6.4(5.6)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "20190619 Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass" }, { "name": "108863", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108863" } ] }, "source": { "advisory": "cisco-sa-20190619-waas-authbypass", "defect": [ [ "CSCvo13639" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1876", "datePublished": "2019-06-20T03:00:20.264751Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-21T19:20:59.757Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2196 (GCVE-0-2014-2196)
Vulnerability from cvelistv5
Published
2014-05-23 22:00
Modified
2024-08-06 10:05
CWE
- n/a
Summary
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:05:59.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140521 Cisco Wide Area Application Services Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas" }, { "name": "1030265", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030265" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-06-16T13:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20140521 Cisco Wide Area Application Services Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas" }, { "name": "1030265", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030265" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-2196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140521 Cisco Wide Area Application Services Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas" }, { "name": "1030265", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030265" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-2196", "datePublished": "2014-05-23T22:00:00", "dateReserved": "2014-02-25T00:00:00", "dateUpdated": "2024-08-06T10:05:59.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6721 (GCVE-0-2017-6721)
Vulnerability from cvelistv5
Published
2017-07-04 00:00
Modified
2024-08-05 15:41
CWE
- TCP Fragment Denial of Service Vulnerability
Summary
A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22).
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Wide Area Application Services | Cisco Wide Area Application Services
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" }, { "name": "1038747", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038747" }, { "name": "99200", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99200" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services" } ] } ], "datePublic": "2017-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "TCP Fragment Denial of Service Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" }, { "name": "1038747", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038747" }, { "name": "99200", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99200" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "TCP Fragment Denial of Service Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" }, { "name": "1038747", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038747" }, { "name": "99200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99200" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6721", "datePublished": "2017-07-04T00:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:17.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-0352 (GCVE-0-2018-0352)
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:03
Summary
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Wide Area Application Services unknown | Cisco Wide Area Application Services unknown
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:21:15.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104464", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104464" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" }, { "name": "1041077", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041077" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-0352", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:42:23.589157Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T15:03:45.978Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services unknown", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services unknown" } ] } ], "datePublic": "2018-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. 
A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "104464", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104464" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" }, { "name": "1041077", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041077" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services unknown", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services unknown" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. 
A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "104464", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104464" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" }, { "name": "1041077", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041077" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0352", "datePublished": "2018-06-07T21:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-29T15:03:45.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1348 (GCVE-0-2012-1348)
Vulnerability from cvelistv5
Published
2012-08-06 18:00
Modified
2024-09-16 23:45
CWE
- n/a
Summary
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:53:37.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-06T18:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf", "refsource": "CONFIRM", "url": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-1348", "datePublished": "2012-08-06T18:00:00Z", "dateReserved": "2012-02-27T00:00:00Z", "dateUpdated": "2024-09-16T23:45:58.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3923 (GCVE-0-2007-3923)
Vulnerability from cvelistv5
Published
2007-07-21 00:00
Modified
2024-08-07 14:37
CWE
- n/a
Summary
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:05.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" }, { "name": "ADV-2007-2572", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2572" }, { "name": "24956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24956" }, { "name": "36120", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/36120" }, { "name": "cisco-waas-edgeservice-dos(35477)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" }, { "name": "1018416", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018416" }, { "name": "26122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26122" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" }, { "name": "ADV-2007-2572", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2572" }, { "name": "24956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24956" }, { "name": "36120", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/36120" }, { "name": "cisco-waas-edgeservice-dos(35477)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" }, { "name": "1018416", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018416" }, { "name": "26122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26122" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a 
flood of TCP SYN packets to port (1) 139 or (2) 445." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" }, { "name": "ADV-2007-2572", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2572" }, { "name": "24956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24956" }, { "name": "36120", "refsource": "OSVDB", "url": "http://www.osvdb.org/36120" }, { "name": "cisco-waas-edgeservice-dos(35477)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" }, { "name": "1018416", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018416" }, { "name": "26122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26122" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3923", "datePublished": "2007-07-21T00:00:00", "dateReserved": "2007-07-20T00:00:00", "dateUpdated": "2024-08-07T14:37:05.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6628 (GCVE-0-2017-6628)
Vulnerability from cvelistv5
Published
2017-05-03 21:00
Modified
2024-08-05 15:33
Summary
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Wide Area Application Services SMART-SSL Accelerator | Cisco Wide Area Application Services SMART-SSL Accelerator
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:33:20.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98294", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98294" }, { "name": "1038399", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038399" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services SMART-SSL Accelerator", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services SMART-SSL Accelerator" } ] } ], "datePublic": "2017-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "98294", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98294" }, { "name": "1038399", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038399" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6628", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services SMART-SSL Accelerator", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services SMART-SSL Accelerator" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. 
An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "98294", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98294" }, { "name": "1038399", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038399" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6628", "datePublished": "2017-05-03T21:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:33:20.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12256 (GCVE-0-2017-12256)
Vulnerability from cvelistv5
Published
2017-10-05 07:00
Modified
2024-08-05 18:28
CWE
- CWE-399
Summary
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Wide Area Application Services | Cisco Wide Area Application Services
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101180", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services" } ] } ], "datePublic": "2017-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-07T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "101180", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "101180", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101180" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12256", "datePublished": "2017-10-05T07:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-08-05T18:28:16.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3444 (GCVE-0-2013-3444)
Vulnerability from cvelistv5
Published
2013-07-31 19:00
Modified
2024-08-06 16:07
CWE
- n/a
Summary
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1028852", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028852" }, { "name": "20130731 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" }, { "name": "54367", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54367" }, { "name": "multiple-cisco-cve20133444-command-exec(86122)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" }, { "name": "54372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54372" }, { "name": "61543", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61543" }, { "name": "54370", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54370" }, { "name": "54369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54369" }, { "name": "1028853", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028853" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, 
and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1028852", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028852" }, { "name": "20130731 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" }, { "name": "54367", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54367" }, { "name": "multiple-cisco-cve20133444-command-exec(86122)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" }, { "name": "54372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54372" }, { "name": "61543", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61543" }, { "name": "54370", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54370" }, { "name": "54369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/54369" }, { "name": "1028853", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028853" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-3444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1028852", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028852" }, { "name": "20130731 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" }, { "name": "54367", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54367" }, { "name": "multiple-cisco-cve20133444-command-exec(86122)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" }, { "name": "54372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54372" }, { "name": "61543", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61543" }, { "name": "54370", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54370" }, { "name": "54369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54369" }, { "name": "1028853", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028853" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-3444", "datePublished": "2013-07-31T19:00:00", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12250 (GCVE-0-2017-12250)
Vulnerability from cvelistv5
Published
2017-09-21 05:00
Modified
2024-08-05 18:28
CWE
Summary
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Wide Area Application Services | Cisco Wide Area Application Services
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039415", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039415" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas" }, { "name": "100928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100928" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services" } ] } ], "datePublic": "2017-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-22T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1039415", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039415" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas" }, { "name": "100928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100928" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12250", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "1039415", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039415" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas" }, { "name": "100928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100928" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12250", "datePublished": "2017-09-21T05:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-08-05T18:28:16.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0730 (GCVE-0-2015-0730)
Vulnerability from cvelistv5
Published
2015-05-16 14:00
Modified
2024-08-06 04:17
CWE
- n/a
Summary
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150514 Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38865" }, { "name": "1032339", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032339" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T15:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150514 Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38865" }, { "name": "1032339", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032339" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150514 Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38865" }, { "name": "1032339", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032339" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0730", "datePublished": "2015-05-16T14:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-6437 (GCVE-0-2016-6437)
Vulnerability from cvelistv5
Published
2016-10-27 21:00
Modified
2024-08-06 01:29
CWE
- unspecified
Summary
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32) | Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037002", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037002" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" }, { "name": "93524", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93524" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)" } ] } ], "datePublic": "2016-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "unspecified", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1037002", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037002" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" }, { "name": "93524", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93524" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unspecified" } ] } ] }, "references": { "reference_data": [ { "name": "1037002", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037002" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" }, { "name": "93524", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93524" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6437", "datePublished": "2016-10-27T21:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3285 (GCVE-0-2014-3285)
Vulnerability from cvelistv5
Published
2014-05-29 17:00
Modified
2024-08-06 10:35
CWE
- n/a
Summary
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:57.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "67696", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67696" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34395" }, { "name": "1030307", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030307" }, { "name": "58806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58806" }, { "name": "20140528 Cisco WAAS Partial Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-06-09T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "67696", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67696" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34395" }, { "name": "1030307", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030307" }, { "name": "58806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58806" }, { "name": "20140528 Cisco WAAS Partial Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-3285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "67696", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67696" }, { "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34395", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34395" }, { "name": "1030307", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030307" }, { "name": "58806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58806" }, { "name": "20140528 Cisco WAAS Partial Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-3285", "datePublished": "2014-05-29T17:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:35:57.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-1438 (GCVE-0-2021-1438)
Vulnerability from cvelistv5
Published
2021-05-06 12:40
Modified
2024-11-08 23:21
CWE
Summary
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Wide Area Application Services (WAAS) | n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1438", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:44:22.978546Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:21:29.541Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services (WAAS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-06T12:40:54", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK" } ], "source": { "advisory": "cisco-sa-waas-infdisc-Twb4EypK", "defect": [ [ "CSCvw97364" ] ], "discovery": "INTERNAL" }, "title": "Cisco Wide Area Application Services Software Information Disclosure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1438", "STATE": "PUBLIC", "TITLE": "Cisco Wide Area Application Services Software Information Disclosure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services (WAAS)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. 
The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.5", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-668" } ] } ] }, "references": { "reference_data": [ { "name": "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK" } ] }, "source": { "advisory": "cisco-sa-waas-infdisc-Twb4EypK", "defect": [ [ "CSCvw97364" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1438", "datePublished": "2021-05-06T12:40:54.478927Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:21:29.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6727 (GCVE-0-2017-6727)
Vulnerability from cvelistv5
Published
2017-07-10 20:00
Modified
2024-08-05 15:41
CWE
- Denial of Service Vulnerability
Summary
A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22).
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Wide Area Application Services | Cisco Wide Area Application Services |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038824", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038824" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" }, { "name": "99483", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99483" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Wide Area Application Services", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Wide Area Application Services" } ] } ], "datePublic": "2017-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1038824", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038824" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" }, { "name": "99483", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99483" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Wide Area Application Services", "version": { "version_data": [ { "version_value": "Cisco Wide Area Application Services" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "1038824", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038824" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" }, { "name": "99483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99483" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6727", "datePublished": "2017-07-10T20:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:17.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3443 (GCVE-0-2013-3443)
Vulnerability from cvelistv5
Published
2013-07-31 19:00
Modified
2024-08-06 16:07
CWE
- n/a
Summary
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:38.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1028851", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028851" }, { "name": "54367", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54367" }, { "name": "20130731 Cisco WAAS Central Manager Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm" }, { "name": "61542", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61542" }, { "name": "54372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54372" }, { "name": "cisco-waas-cve2013443-code-exec(86121)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86121" }, { "name": "95877", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/95877" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1028851", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028851" }, { "name": "54367", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54367" }, { "name": "20130731 Cisco WAAS Central Manager Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm" }, { "name": "61542", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61542" }, { "name": "54372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54372" }, { "name": "cisco-waas-cve2013443-code-exec(86121)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86121" }, { "name": "95877", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/95877" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-3443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1028851", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028851" }, { "name": "54367", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54367" }, { "name": "20130731 Cisco WAAS Central Manager Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm" }, { "name": "61542", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61542" }, { "name": "54372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54372" }, { "name": "cisco-waas-cve2013443-code-exec(86121)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86121" }, { "name": "95877", "refsource": "OSVDB", "url": "http://osvdb.org/95877" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-3443", "datePublished": "2013-07-31T19:00:00", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:38.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }