Vulnslist


Cisco Wide Area Application Services TCP Fragment Denial of Service Vulnerability

cisco-sa-20170621-waas · Medium · Published · Updated

A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of TCP packets when a packet chain is fragmented. An attacker could exploit this vulnerability by sending a crafted set of TCP fragments through an affected device. An exploit could allow the attacker to cause a DoS condition due to a process restarting unexpectedly. The WAAS could drop traffic during the brief time that the WAASNET process is restarting.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-6721
Cisco Bug IDs: CSCvc57428
CVSS Score: Base 5.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source: Cisco Wide Area Application Services (WAAS)

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Wide Area Application Services (WAAS) | CVE-2017-6721 | Cisco OpenVuln |
| Cisco Wide Area Application Services Software | CVE-2017-6721 | Cisco OpenVuln |