Vulnslist

find the latest Cisco vulnerabilities

Cisco Wide Area Application Services Partial Denial of Service Vulnerability

Cisco-SA-20140528-CVE-2014-3285 · Medium · Published · Updated

A vulnerability in Cisco Wide Area Application Services (WAAS) software, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to cause a reload of the application optimization handler. The vulnerability is due to incorrect parsing of SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to cause partial service disruptions during the reload of the application optimization handler. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit the vulnerability, the attacker may provide a link that directs a user to a site that contains a malicious SharePoint application and use misleading language or instructions to persuade the user to follow the provided link.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Users should verify that unsolicited links are safe to follow.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2014-3285
Cisco Bug IDsCSCue47674
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
Product Names From Source
Cisco Wide Area Application Services (WAAS)

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Wide Area Application Services (WAAS) known_affected cisco_csaf CVE-2014-3285 1

Related Products

Product CVE Evidence
Cisco Wide Area Application Services (WAAS) CVE-2014-3285 Cisco OpenVuln
Cisco Wide Area Application Services Software CVE-2014-3285 Cisco OpenVuln