ID

VAR-201709-0658


CVE

CVE-2017-12250


TITLE

Cisco Wide Area Application Services Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008415

DESCRIPTION

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc63048. It may result in a service operation interruption (DoS) condition. This software is mainly used in link environments with small bandwidth and large delay.

Trust: 1.98

sources: NVD: CVE-2017-12250 // JVNDB: JVNDB-2017-008415 // BID: 100928 // VULHUB: VHN-102754

AFFECTED PRODUCTS

vendor: cisco, model: wide area application services, scope: eq, version: 6.2(3a)

Trust: 1.6

vendor: cisco, model: wide area application services software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wide area application services 6.2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: wide area application services, scope: ne, version: 6.3(0.175)

Trust: 0.3

vendor: cisco, model: wide area application services 6.2 6, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: wide area application services, scope: ne, version: 6.2(3.22)

Trust: 0.3

sources: BID: 100928 // JVNDB: JVNDB-2017-008415 // CNNVD: CNNVD-201709-1036 // NVD: CVE-2017-12250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12250
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12250
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-1036
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102754
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12250
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102754
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12250
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102754 // JVNDB: JVNDB-2017-008415 // CNNVD: CNNVD-201709-1036 // NVD: CVE-2017-12250

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

problemtype: CWE-20

Trust: 1.1

sources: VULHUB: VHN-102754 // JVNDB: JVNDB-2017-008415 // NVD: CVE-2017-12250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1036

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 100928 // CNNVD: CNNVD-201709-1036

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008415

PATCH

title: cisco-sa-20170920-waas, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas

Trust: 0.8

title: Cisco Wide Area Application Services Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75051

Trust: 0.6

sources: JVNDB: JVNDB-2017-008415 // CNNVD: CNNVD-201709-1036

EXTERNAL IDS

db: NVD, id: CVE-2017-12250

Trust: 2.8

db: BID, id: 100928

Trust: 2.0

db: SECTRACK, id: 1039415

Trust: 1.7

db: JVNDB, id: JVNDB-2017-008415

Trust: 0.8

db: CNNVD, id: CNNVD-201709-1036

Trust: 0.7

db: VULHUB, id: VHN-102754

Trust: 0.1

sources: VULHUB: VHN-102754 // BID: 100928 // JVNDB: JVNDB-2017-008415 // CNNVD: CNNVD-201709-1036 // NVD: CVE-2017-12250

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-waas

Trust: 2.0

url:http://www.securityfocus.com/bid/100928

Trust: 1.7

url:http://www.securitytracker.com/id/1039415

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12250

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12250

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/routers/wide-area-application-services/index.html

Trust: 0.3

sources: VULHUB: VHN-102754 // BID: 100928 // JVNDB: JVNDB-2017-008415 // CNNVD: CNNVD-201709-1036 // NVD: CVE-2017-12250

CREDITS

Cisco

Trust: 0.3

sources: BID: 100928

SOURCES

db: VULHUB, id: VHN-102754
db: BID, id: 100928
db: JVNDB, id: JVNDB-2017-008415
db: CNNVD, id: CNNVD-201709-1036
db: NVD, id: CVE-2017-12250

LAST UPDATE DATE

2025-04-20T23:29:34.295000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102754, date: 2019-10-09T00:00:00
db: BID, id: 100928, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008415, date: 2017-10-18T00:00:00
db: CNNVD, id: CNNVD-201709-1036, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12250, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102754, date: 2017-09-21T00:00:00
db: BID, id: 100928, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008415, date: 2017-10-18T00:00:00
db: CNNVD, id: CNNVD-201709-1036, date: 2017-09-22T00:00:00
db: NVD, id: CVE-2017-12250, date: 2017-09-21T05:29:00.387