Denial of Service Vulnerability in Cisco Wide Area Application Service
CVE-2015-6421

7.5HIGH

Key Information:

Vendor: Cisco
Status: Wide Area Application Services
Vendor: CVE Published:; 27 January 2016

Summary

The CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending specially crafted network traffic that consumes excessive resources, potentially leading to device reloads and service interruption. This issue affects versions of Cisco WAAS and vWAAS prior to 5.3.5d for WAAS and 5.5.3 for vWAAS.

References

http://www.securitytracker.com/id/1034831

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2016
Vulnerability Reserved
Aug 17, 2015