CVE-2016-6437

CWE-3995 documents5 sources

Severity

5.9MEDIUM

EPSS

0.7%

top 27.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wide Area Application Services

Timeline

PublishedOct 27

Latest updateMay 17

Description

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_wide_area_application_services_(waas)_before_5.3(5g)1_and_6.x_before_6.2(2.32)Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)

▶NVDcisco/wide_area_application_services13 versions+12

🔴Vulnerability Details

GHSA

GHSA-mpwr-fprg-72gv: A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to↗2022-05-17

▶

CVEList

CVE-2016-6437: A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to↗2016-10-27

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2020-6437↗2020-04-07

▶

Cisco

Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability↗2016-10-12

▶