SB2017100506 - Denial of service in Cisco Wide Area Application Services
Published: October 5, 2017
Security Bulletin ID: SB2017100506
Severity: Low
Patch available: Yes
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-12256)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances due to certain file-handling inefficiencies. A remote attacker can direct client systems to access a corrupted file that the client systems cannot decompress correctly and cause the affected device to hang or crash.
Successful exploitation of the vulnerability results in denial of service.
2) Denial of service (CVE-ID: CVE-2017-12267)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) due to improper aborting of a connection when an unexpected protocol packet is received. A remote attacker can send specially crafted ICA traffic and cause an ICA application optimization-related process to restart.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install the update from the vendor's website.