CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1438 – Cisco Wide Area Application Services Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1438
06 May 2021 — A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 2%CPEs: 3EXPL: 0CVE-2019-1876 – Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1876
20 Jun 2019 — A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by cor... • http://www.securityfocus.com/bid/108863 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0329
https://notcve.org/view.php?id=CVE-2018-0329
07 Jun 2018 — A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successfu... • http://www.securityfocus.com/bid/104590 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0352
https://notcve.org/view.php?id=CVE-2018-0352
07 Jun 2018 — A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicio... • http://www.securityfocus.com/bid/104464 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12267
https://notcve.org/view.php?id=CVE-2017-12267
05 Oct 2017 — A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the ta... • http://www.securityfocus.com/bid/101176 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12250
https://notcve.org/view.php?id=CVE-2017-12250
21 Sep 2017 — A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the ... • http://www.securityfocus.com/bid/100928 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6727
https://notcve.org/view.php?id=CVE-2017-6727
10 Jul 2017 — A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). Una vulnerabilidad en el protocolo Server Message Block (SMB) de Cisco Wide Area Application Services (... • http://www.securityfocus.com/bid/99483 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6730
https://notcve.org/view.php?id=CVE-2017-6730
10 Jul 2017 — A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Applicati... • http://www.securityfocus.com/bid/99481 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2016-6437
https://notcve.org/view.php?id=CVE-2016-6437
27 Oct 2016 — A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32). • http://www.securityfocus.com/bid/93524 • CWE-399: Resource Management Errors •