Two vulnerabilities in Cisco Wide Area Application Services



Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2017-6730, CVE-2017-6727
CWE-ID: CWE-200, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco Wide Area Application Services (Server applications / Other server solutions)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU7339

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6730

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.

The weakness exists in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager due to a processing error in how the affected software applies role-based access control (RBAC) to URLs. A remote attacker can conduct a brute-force attack or guess the report ID of a completed report, send a specially crafted HTTP GET request with the ID to an affected system and download any completed report that was previously scheduled by a WAAS administrator via the Reports Central area in the WAAS Central Manager GUI.

Successful exploitation of the vulnerability results in information disclosure.
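
A defender can look for the report-ID guessing described above in the web server's access log. The following is an added example, not code from the bulletin or from Cisco: it flags clients that request many distinct report IDs and mostly miss. The log lines are constructed, and the `/PLACEHOLDER/report?id=` path is a placeholder because the bulletin does not give the real report URL.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format). The path and "id" parameter
# are placeholders: the bulletin does not give the real report URL.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2017:09:58:12 +0000] "GET /PLACEHOLDER/report?id=2040 HTTP/1.1" 200 48211
198.51.100.7 - - [05/Jul/2017:10:00:01 +0000] "GET /PLACEHOLDER/report?id=1001 HTTP/1.1" 404 312
198.51.100.7 - - [05/Jul/2017:10:00:01 +0000] "GET /PLACEHOLDER/report?id=1002 HTTP/1.1" 404 312
198.51.100.7 - - [05/Jul/2017:10:00:02 +0000] "GET /PLACEHOLDER/report?id=1003 HTTP/1.1" 404 312
198.51.100.7 - - [05/Jul/2017:10:00:02 +0000] "GET /PLACEHOLDER/report?id=1004 HTTP/1.1" 200 51877
198.51.100.7 - - [05/Jul/2017:10:00:03 +0000] "GET /PLACEHOLDER/report?id=1005 HTTP/1.1" 404 312
198.51.100.7 - - [05/Jul/2017:10:00:03 +0000] "GET /PLACEHOLDER/report?id=1006 HTTP/1.1" 404 312
192.0.2.10 - - [05/Jul/2017:10:05:40 +0000] "GET /PLACEHOLDER/report?id=2041 HTTP/1.1" 200 50102
192.0.2.10 - - [05/Jul/2017:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b')
REPORT_RE = re.compile(r'^/PLACEHOLDER/report\?id=(?P<id>\d+)$')  # placeholder pattern


def find_report_id_guessing(log_text, report_re=REPORT_RE, min_ids=5, min_miss_ratio=0.5):
    """Return {client_ip: summary} for clients that probe many distinct report IDs."""
    seen = defaultdict(lambda: {"ids": set(), "hits": [], "misses": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET request line, or an unparsable line
        r = report_re.match(m.group("url"))
        if not r:
            continue  # not a report download request
        entry = seen[m.group("ip")]
        entry["ids"].add(r.group("id"))
        if m.group("status") == "200":
            entry["hits"].append(r.group("id"))  # a report was actually served
        else:
            entry["misses"] += 1
    flagged = {}
    for ip, e in seen.items():
        total = len(e["hits"]) + e["misses"]
        if len(e["ids"]) >= min_ids and e["misses"] / total >= min_miss_ratio:
            flagged[ip] = {"distinct_ids": len(e["ids"]), "served": e["hits"], "misses": e["misses"]}
    return flagged


if __name__ == "__main__":
    for ip, summary in find_report_id_guessing(SAMPLE_LOG).items():
        print(ip, summary)
```

Any ID listed under `served` for a flagged client is a report that should be treated as disclosed.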

Mitigation

The vulnerability is addressed in the following versions:
6.3(0.228), 6.3(0.226), 6.2(3d)8, 5.5(7b)17.



Vulnerable software versions

Cisco Wide Area Application Services: 4.4.7 - 6.2.3

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU7340

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6727

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.

The weakness exists in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) due to incomplete input validation of an SMB Create Request packet. A remote attacker can send a specially crafted Create Request packet and cause the process to reload.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
6.3(0.167), 6.2(3c)5, 6.2(3.22).







Vulnerable software versions

Cisco Wide Area Application Services: 6.2.3a

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


