Executive Summary

Summary
Title Cisco Wide Area Application Services Remote Code Execution Vulnerability
Informations
Name cisco-sa-20140521-waas First vendor Publication 2014-05-21
Vendor Cisco Last vendor Modification 2014-05-21
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.

The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTfNQFAAoJEIpI1I6i1Mx3YIoP/2+b0x8NEUrHJdg75WyFcjnI WG6vOR6yrQjXxf9OHwY4bXqQOgCU6qY5ZnkEschnoxkhjAol7QOE85JuXxc5LhMj mgsaeUBeA8H2p8ozYM/QuxK2w57RLtX1FN6fRR09o1STk0012DOO9orPdY+w4ru3 W+y00m/MYCW00WOEfPLGNha5TH/Y9fL3Jwffnnou7kPV7cTd2YaJ6rZ9LD8HlqXO qU5cc8bjjSsbijkPnCbtvgxxuLTkffs+qBYRWIVkVnICiEN96616BIi+6jmsyyQ +H7jr9oinydk3SLHe7lPvwhiSWFGr6ivhhy74Aj7Zvp2ephYRGMJmiiVY7zxX7KLy 3iD4DCH+xyZ0wAlQYq+sczhgdovWIyOH2Whsc6IBcfIVMZ/teo96q6AGHlnCxZFE O7x+Pq0nN/apCtOqGuyZedJxgsk5IWAqtQsFVKlSyIBdq98UnJDz/ZiQXRROSrah HdiLcsOeLmeJr7JxYlmRAcbDUGcNTXn7mi56H36JdY3EUNKDuu27DFZaMfpsuKCO W4J2TmKp23cyL4gbr5EQEeh6y6Wmsj5gAhv7cjZFBizVYPO9vBb6kTMW9LnMnQ6q jFzrFPxNpGXjbrhtksgKAosDzm3ZDEOgn5UEh8xC04pqwg5xkFB3Ldc2CMCQCqYQ JePttEHu/P5KFMFSsD/K =9Haw END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-05-27 21:27:24
  • Multiple Updates
2014-05-21 21:22:19
  • First insertion