Denial of service in Cisco Wide Area Application Services
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-6628 |
| CWE-ID | CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Wide Area Application Services Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Denial of service
EUVDB-ID: #VU6399
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6628
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability alows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled in a specific SSL/TLS connection state. A remote attacker can establish a SMART-SSL connection through the targeted device, send a specially crafted stream of SSL/TLS traffic and cause the WAN optimization to stop functioning while the process restarts.
Successful exploitation of the vulnerability may result in denial of service.
Update to version 6.2.3b.
Vulnerable software versionsCisco Wide Area Application Services: 6.2.3a - 6.3.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
