Denial of Service Vulnerability in Cisco Wide Area Application Services
CVE-2017-12267

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Wide Area Application Services
Vendor: CVE Published:; 5 October 2017

Summary

A flaw in Cisco Wide Area Application Services (WAAS) and Cisco Virtual WAAS allows an unauthenticated remote attacker to exploit the ICA accelerator feature. Improper handling of unexpected protocol packets can lead to unexpected process restarts, causing a partial denial of service. Attackers can craft ICA traffic to trigger this issue, potentially disrupting service as the affected application temporarily drops ICA traffic while the process is restarting.

Affected Version(s)

Cisco Wide Area Application Services Cisco Wide Area Application Services

References

http://www.securityfocus.com/bid/101176

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2017
Vulnerability Reserved
Aug 3, 2017