CVE-2014-2196

CWE-94 — Code Injection CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.3CRITICAL

EPSS

3.0%

top 13.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wide Area Application Services

Timeline

PublishedMay 26

Latest updateMay 17

Description

Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/wide_area_application_services5.1.1

🔴Vulnerability Details

GHSA

GHSA-84xf-fv65-wjp3: Cisco Wide Area Application Services (WAAS) 5↗2022-05-17

▶

CVEList

CVE-2014-2196: Cisco Wide Area Application Services (WAAS) 5↗2014-05-23

▶

📋Vendor Advisories

Cisco

Cisco Wide Area Application Services Remote Code Execution Vulnerability↗2014-05-21

▶