Cisco Wide Area Application Services vulnerabilities
19 known vulnerabilities affecting cisco/wide_area_application_services.
Total CVEs: 19
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 14
Vulnerabilities
CVE-2021-1438 | MEDIUM | CVSS 5.5 | CWE-668 | ≤ 6.4.5a | 2021-05-06
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerabi
nvd
CVE-2019-1876 | MEDIUM | CVSS 5.3 | CWE-306 | v5.5(7), v6.1(1), +1 more | 2019-06-20
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS
nvd
CVE-2018-0329 | MEDIUM | CVSS 5.3 | CWE-798 | v6.2(3), v6.4(1) | 2018-06-07
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for t
nvd
CVE-2018-0352 | MEDIUM | CVSS 6.7 | CWE-264 | v6.2(3) | 2018-06-07
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient vali
nvd
CVE-2017-12267 | MEDIUM | CVSS 5.3 | CWE-119 | v6.2(3b) | 2017-10-05
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly a
nvd
CVE-2017-12250 | MEDIUM | CVSS 5.3 | CWE-399 | v6.2(3a) | 2017-09-21
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameter
nvd
CVE-2017-6727 | MEDIUM | CVSS 5.3 | CWE-20 | v6.2(3a) | 2017-07-10
A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a)
nvd
CVE-2017-6730 | MEDIUM | CVSS 5.3 | CWE-200 | v4.4(7), v6.2(1), +1 more | 2017-07-10
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Se
nvd
CVE-2017-6721 | MEDIUM | CVSS 5.3 | CWE-20 | v6.3(1) | 2017-07-04
A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.1
nvd
CVE-2017-6628 | MEDIUM | CVSS 6.8 | CWE-399 | v6.2.1, v6.2.1a, +1 more | 2017-05-03
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Tr
nvd
CVE-2016-6437 | MEDIUM | CVSS 5.9 | CWE-399 | v5.3.1, v5.3.3, +11 more | 2016-10-27
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1
nvd
CVE-2015-6421 | HIGH | CVSS 7.5 | CWE-399 | v5.1.1, v5.1.1a, +11 more | 2016-01-27
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
nvd
CVE-2015-0730 | MEDIUM | CVSS 5.0 | CWE-20 | v6.0(1) | 2015-05-16
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
nvd
CVE-2014-3285 | MEDIUM | CVSS 5.0 | CWE-20 | ≤ 5.3(.5a), v5.1, +13 more | 2014-05-29
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.
nvd
CVE-2014-2196 | CRITICAL | CVSS 9.3 | CWE-94 | v5.1.1 | 2014-05-26
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
nvd
CVE-2013-3444 | CRITICAL | CVSS 9.0 | CWE-78 | v4.1.1, v4.1.3, +28 more | 2013-08-01
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x befor
nvd
CVE-2013-3443 | CRITICAL | CVSS 10.0 | CWE-20 | v4.0.1, v4.0.3, +28 more | 2013-08-01
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
nvd
CVE-2012-1348 | MEDIUM | CVSS 5.0 | CWE-200 | v4.4, v5.0, +1 more | 2012-08-06
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279.
nvd
CVE-2007-3923 | HIGH | CVSS 7.8 | v4.0.7, v4.0.9 | 2007-07-21
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.
nvd