CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1438 – Cisco Wide Area Application Services Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1438
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access. Una vulnerabilidad en el software Cisco Wide Area Application Services (WAAS) podría permitir a un atacante local autenticado conseguir acceso a información confidencial en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6730
https://notcve.org/view.php?id=CVE-2017-6730
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). • http://www.securityfocus.com/bid/99481 http://www.securitytracker.com/id/1038825 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2015-6421
https://notcve.org/view.php?id=CVE-2015-6421
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. cifs-ao en la funcionalidad de optimización CIFS en dispositivos Cisco Wide Area Application Service (WAAS) y Virtual WAAS (vWAAS) 5.x en versiones anteriores a 5.3.5d y 5.4 y 5.5 en versiones anteriores a 5.5.3 permite a atacantes remotos causar una denegación de servicio (consumo de recursos y recarga de dispositivo) a través de tráfico de red manipulado, también conocida como Bug ID CSCus85330. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs http://www.securitytracker.com/id/1034831 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2014-3285
https://notcve.org/view.php?id=CVE-2014-3285
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. Cisco Wide Area Application Services (WAAS) 5.3(.5a) y anteriores, cuando SharePoint Acceleration está habilitado, no analiza debidamente respuestas SharePoint, lo que permite a atacantes remotos causar una denegación de servicio (reinicio de manejador de optimización de aplicación) a través de una aplicación SharePoint manipulada, también conocido como Bug ID CSCue47674. • http://secunia.com/advisories/58806 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285 http://tools.cisco.com/security/center/viewAlert.x?alertId=34395 http://www.securityfocus.com/bid/67696 http://www.securitytracker.com/id/1030307 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 9%CPEs: 60EXPL: 0CVE-2013-3443
https://notcve.org/view.php?id=CVE-2013-3443
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1 con una configuración como Central Manager (CM), permite a atacantes remotos ejecutar código arbitrario a través de una petición POST manipulada. Aka Bug ID CSCuh26626. • http://osvdb.org/95877 http://secunia.com/advisories/54367 http://secunia.com/advisories/54372 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm http://www.securityfocus.com/bid/61542 http://www.securitytracker.com/id/1028851 https://exchange.xforce.ibmcloud.com/vulnerabilities/86121 • CWE-20: Improper Input Validation •