CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6628
https://notcve.org/view.php?id=CVE-2017-6628
03 May 2017 — A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by e... • http://www.securityfocus.com/bid/98294 • CWE-399: Resource Management Errors CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2016-6437
https://notcve.org/view.php?id=CVE-2016-6437
27 Oct 2016 — A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32). • http://www.securityfocus.com/bid/93524 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2015-6421
https://notcve.org/view.php?id=CVE-2015-6421
27 Jan 2016 — cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. cifs-ao en la funcionalidad de optimización CIFS en dispositivos Cisco Wide Area Application Service (WAAS) y Virtual WAAS (vWAAS) 5.x en versiones anteriores a 5.3.5d y 5.4 y 5.5 en versiones ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0730
https://notcve.org/view.php?id=CVE-2015-0730
16 May 2015 — The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. El módulo SMB en Cisco Wide Area Application Services (WAAS) 6.0(1) permite a atacantes remotos causar una denegación de servicio (recarga de módulo) a través de un campo inválido en una solicitud Negotiate Protocol, también conocido como Bug ID CSCuo75645. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38865 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2014-3285
https://notcve.org/view.php?id=CVE-2014-3285
29 May 2014 — Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. Cisco Wide Area Application Services (WAAS) 5.3(.5a) y anteriores, cuando SharePoint Acceleration está habilitado, no analiza debidamente respuestas SharePoint, lo que permite a atacantes remotos c... • http://secunia.com/advisories/58806 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2014-2196
https://notcve.org/view.php?id=CVE-2014-2196
23 May 2014 — Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. Cisco Wide Area Application Services (WAAS) 5.1.1 anterior a 5.1.1e, cuando optimización de pre-captura SharePoint está habilitada, permite a servidores SharePoint remotos ejecutar código arbitrario a través de una respuesta malformada, también conocido como Bug ID CSCue18479. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-5554 – Cisco WAAS Mobile Server ReportReceiver CAB Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5554
08 Nov 2013 — Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773. Vulnerabilidad de salto de directorio en la interfaz web-management en el servidor de Cisco Wide Area Application Services (WAAS) Mobile anterior a la versión 3.5.5 permite a atacantes remotos subir y ejecutar archivos arbitrarios a través de peticione... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 7%CPEs: 60EXPL: 0CVE-2013-3443
https://notcve.org/view.php?id=CVE-2013-3443
31 Jul 2013 — The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1 con una configuración como Central Manager (CM), permite a atacantes remotos ejecutar código arbitrario a través de una p... • http://osvdb.org/95877 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 2%CPEs: 120EXPL: 0CVE-2013-3444
https://notcve.org/view.php?id=CVE-2013-3444
31 Jul 2013 — The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbi... • http://secunia.com/advisories/54367 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1348
https://notcve.org/view.php?id=CVE-2012-1348
06 Aug 2012 — Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. Los aplicativos Cisco Wide Area Application Services (WAAS) con software v4.4, v5.0, y v5.1 incluye un hash de un solo sentido de una contraseña sin salida de texto, lo que podría permitir a atacantes remotos obtener información sens... • http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •