CVE-2017-12267

CWE-119 — Buffer Overflow4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 35.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Virtual Wide Area Application Services Cisco Wide Area Application Services

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic th…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDcisco/virtual_wide_area_application_services6.2\(3b\)

▶CVEListV5cisco_wide_area_application_servicesCisco Wide Area Application Services

▶NVDcisco/wide_area_application_services6.2\(3b\)

🔴Vulnerability Details

GHSA

GHSA-pcv3-rfhw-485x: A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an↗2022-05-13

▶

CVEList

CVE-2017-12267: A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an↗2017-10-05

▶

📋Vendor Advisories

Cisco

Cisco Wide Area Application Services ICA Accelerator Denial of Service Vulnerability↗2017-10-04

▶