6.8
CVE-2017-6628
- EPSS 0.63%
- Published 03.05.2017 21:59:00
- Last modified 20.04.2025 01:37:25
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Wide Area Application Services Version6.2.1
Cisco ≫ Wide Area Application Services Version6.2.1a
Cisco ≫ Wide Area Application Services Version6.2.3a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.679 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 2.2 | 4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.