Details of VAR-201405-0355

ID

VAR-201405-0355

CVE

CVE-2014-3285

TITLE

Cisco Wide Area Application Services Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002682

DESCRIPTION

Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. Cisco Wide Area Application Services is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCue47674. This software is mainly used in the link environment with small bandwidth and large delay. There is a security vulnerability in Cisco WAAS 5.3(.5a) and earlier versions. The vulnerability is caused by the program not correctly parsing the SharePoint response when using the SharePoint acceleration function

Trust: 1.98

sources: NVD: CVE-2014-3285 // JVNDB: JVNDB-2014-002682 // BID: 67696 // VULHUB: VHN-71225

AFFECTED PRODUCTS

vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1f\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1a\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1d\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1c\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1b\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1e\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1\(.1\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3\(.5\)	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	lte	version:	5.3\(.5a\)	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.2	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3\(.3\)	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3\(.1\)	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.2\(.1\)	Trust: 1.0
vendor:	cisco	model:	wide area application engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lte	version:	5.3(.5a)	Trust: 0.8
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3\(.5a\)	Trust: 0.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3.5	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3.3	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.1.1f	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.1.1e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.1.1d	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.1.1c	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.1.1b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.1.1a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services 5.3.5a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.3.1	Trust: 0.3

sources: BID: 67696 // JVNDB: JVNDB-2014-002682 // CNNVD: CNNVD-201405-567 // NVD: CVE-2014-3285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3285
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3285
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-567
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71225
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3285
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71225
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71225 // JVNDB: JVNDB-2014-002682 // CNNVD: CNNVD-201405-567 // NVD: CVE-2014-3285

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71225 // JVNDB: JVNDB-2014-002682 // NVD: CVE-2014-3285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-567

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002682

PATCH

title:	Cisco WAAS Partial Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285	Trust: 0.8
title:	34395	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34395	Trust: 0.8

sources: JVNDB: JVNDB-2014-002682

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3285	Trust: 2.8
db:	BID	id:	67696	Trust: 1.4
db:	SECUNIA	id:	58806	Trust: 1.1
db:	SECTRACK	id:	1030307	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002682	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-567	Trust: 0.7
db:	CISCO	id:	20140528 CISCO WAAS PARTIAL DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71225	Trust: 0.1

sources: VULHUB: VHN-71225 // BID: 67696 // JVNDB: JVNDB-2014-002682 // CNNVD: CNNVD-201405-567 // NVD: CVE-2014-3285

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3285	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34395	Trust: 2.0
url:	http://www.securityfocus.com/bid/67696	Trust: 1.1
url:	http://www.securitytracker.com/id/1030307	Trust: 1.1
url:	http://secunia.com/advisories/58806	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3285	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3285	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71225 // BID: 67696 // JVNDB: JVNDB-2014-002682 // CNNVD: CNNVD-201405-567 // NVD: CVE-2014-3285

CREDITS

Cisco

Trust: 0.3

sources: BID: 67696

SOURCES

db:	VULHUB	id:	VHN-71225
db:	BID	id:	67696
db:	JVNDB	id:	JVNDB-2014-002682
db:	CNNVD	id:	CNNVD-201405-567
db:	NVD	id:	CVE-2014-3285

LAST UPDATE DATE

2025-04-13T23:31:39.076000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71225	date:	2016-09-07T00:00:00
db:	BID	id:	67696	date:	2014-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-002682	date:	2014-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201405-567	date:	2014-06-03T00:00:00
db:	NVD	id:	CVE-2014-3285	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71225	date:	2014-05-29T00:00:00
db:	BID	id:	67696	date:	2014-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-002682	date:	2014-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201405-567	date:	2014-05-29T00:00:00
db:	NVD	id:	CVE-2014-3285	date:	2014-05-29T17:55:05.397