Information Disclosure in Cisco Wide Area Application Services by Remote Attackers
CVE-2017-6730

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Wide Area Application Services
Vendor
CVE Published:
10 July 2017

Summary

A vulnerability exists in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager, allowing unauthenticated remote attackers to access completed reports from the affected system. This issue specifically impacts configurations utilizing the Central Manager function across several versions of Cisco WAAS software. Notably, versions 4.4(7), 6.2(1), and 6.2(3) are susceptible, while fixed releases include 6.3(0.228), 6.3(0.226), 6.2(3d)8, and 5.5(7b)17. It is crucial for administrators using affected versions to apply the necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Cisco Wide Area Application Services Cisco Wide Area Application Services

References

http://www.securityfocus.com/bid/99481
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038825
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.