Denial-of-Service Vulnerability in Cisco WAAS Appliances
CVE-2017-12256

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Wide Area Application Services
Vendor: CVE Published:; 5 October 2017

What is CVE-2017-12256?

A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances enables a remote attacker to trigger a denial-of-service (DoS) condition. The issue arises from specific inefficiencies in file handling within the system. By directing client systems to a corrupted file that cannot be correctly decompressed, an attacker could exploit this vulnerability, leading to device crashes or hangs. This condition may necessitate manual intervention to restore normal operations. For further details, see Cisco's security advisory.

Affected Version(s)

Cisco Wide Area Application Services Cisco Wide Area Application Services

References

http://www.securityfocus.com/bid/101180

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2017
Vulnerability Reserved
Aug 3, 2017