Vulnslist


Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability

cisco-sa-20170705-waas1 · Medium · Published · Updated

A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based access control (RBAC) to URLs. An attacker could exploit this vulnerability by conducting a brute-force attack or guessing the report ID of a completed report and sending a crafted HTTP GET request with the ID to an affected system. A successful exploit could allow the attacker to download any completed report that was previously scheduled by a WAAS administrator via the Reports Central area in the WAAS Central Manager GUI of the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-6730
Cisco Bug IDs: CSCvd87574
CVSS Score: Base 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X)
Product Names From Source
Cisco Wide Area Application Services (WAAS)

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco Wide Area Application Services (WAAS) | CVE-2017-6730 | Cisco OpenVuln |
| Cisco Wide Area Application Services Software | CVE-2017-6730 | Cisco OpenVuln |