CVE-2007-3923

CWE-3994 documents4 sources

Severity

7.8HIGH

EPSS

1.3%

top 20.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wide Area Application Services

Timeline

PublishedJul 21

Latest updateMay 1

Description

The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/wide_area_application_services4.0.7, 4.0.9+1

Patches

Patch: secunia.com ↗Patch: www.cisco.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fv75-9f4p-j7c2: The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4↗2022-05-01

▶

CVEList

CVE-2007-3923: The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4↗2007-07-21

▶

📋Vendor Advisories

Cisco

Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software↗2007-07-18

▶