CVE-2017-12250

CWE-399 CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.8%

top 25.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wide Area Application Services

Timeline

PublishedSep 21

Latest updateMay 13

Description

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit coul…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco_wide_area_application_servicesCisco Wide Area Application Services

▶NVDcisco/wide_area_application_services6.2\(3a\)

🔴Vulnerability Details

GHSA

GHSA-3mqr-qfx8-hxc8: A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an↗2022-05-13

▶

CVEList

CVE-2017-12250: A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an↗2017-09-21

▶

📋Vendor Advisories

Cisco

Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability↗2017-09-20

▶