Denial of Service Vulnerability in Cisco WAAS SSL/TLS Functionality
CVE-2017-6628

6.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 3 May 2017

Summary

A flaw in the SMART-SSL Accelerator of Cisco Wide Area Application Services (WAAS) versions 6.2.1, 6.2.1a, and 6.2.3a allows an unauthenticated remote attacker to cause a denial of service. The accelerator improperly handles Secure Sockets Layer/Transport Layer Security (SSL/TLS) alerts during a specific connection state, so an attacker can trigger the flaw by sending a manipulated stream of SSL/TLS traffic. The resulting denial of service condition temporarily halts WAN optimization functionality while the process restarts, which affects the overall performance of the service. For further details, refer to Cisco's security advisory and related bug reports.

Affected Version(s)

Cisco Wide Area Application Services SMART-SSL Accelerator

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
