CVE-2017-6628

CWE-399 CWE-755 — Improper Exception Handling4 documents4 sources

Severity

6.8MEDIUM

EPSS

0.6%

top 29.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wide Area Application Services

Timeline

PublishedMay 3

Latest updateMay 13

Description

A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulner…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco_wide_area_application_services_smart-ssl_acceleratorCisco Wide Area Application Services SMART-SSL Accelerator

▶NVDcisco/wide_area_application_services6.2.1, 6.2.1a, 6.2.3a+2

🔴Vulnerability Details

GHSA

GHSA-cx3x-jr7v-gvm8: A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6↗2022-05-13

▶

CVEList

CVE-2017-6628: A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6↗2017-05-03

▶

📋Vendor Advisories

Cisco

Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability↗2017-05-03

▶