SB2017070602 - Two vulnerabilities in Cisco Wide Area Application Services

Description

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2017-6730)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.

The weakness exists in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager due to a processing error in how the affected software applies role-based access control (RBAC) to URLs. A remote attacker can conduct a brute-force attack or guess the report ID of a completed report, send a specially crafted HTTP GET request with the ID to an affected system and download any completed report that was previously scheduled by a WAAS administrator via the Reports Central area in the WAAS Central Manager GUI.

Successful exploitation of the vulnerability results in information disclosure.

2) Denial of service (CVE-ID: CVE-2017-6727)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated attacker to cause DoS condition.

The weakness exists in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) due to incomplete input validation of an SMB Create Request packet. A remote attacker can sendi a specially crafted Create Request packet and cause the process to reload.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas