Sign-up

ID

VAR-201710-0645


CVE

CVE-2017-12267


TITLE

Cisco Wide Area Application Services and Cisco Virtual Wide Area Application Services Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009269

DESCRIPTION

A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457. Vendors have confirmed this vulnerability Bug ID CSCve74457 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. This software is mainly used in the link environment with small bandwidth and large delay

Trust: 1.98

sources: NVD: CVE-2017-12267 // JVNDB: JVNDB-2017-009269 // BID: 101176 // VULHUB: VHN-102772

AFFECTED PRODUCTS

vendor:ciscomodel:virtual wide area application servicesscope:eqversion:6.2\(3b\)

Trust: 1.6

vendor:ciscomodel:wide area application servicesscope:eqversion:6.2\(3b\)

Trust: 1.6

vendor:ciscomodel:virtual wide area application services softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:wide area application services softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:wide area application services appliances 6.2scope: - version: -

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:virtual wide area application servicesscope:eqversion:0

Trust: 0.3

sources: BID: 101176 // JVNDB: JVNDB-2017-009269 // CNNVD: CNNVD-201710-051 // NVD: CVE-2017-12267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12267
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12267
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-051
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102772
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12267
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102772
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12267
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102772 // JVNDB: JVNDB-2017-009269 // CNNVD: CNNVD-201710-051 // NVD: CVE-2017-12267

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-102772 // JVNDB: JVNDB-2017-009269 // NVD: CVE-2017-12267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-051

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-051

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009269

PATCH
title:cisco-sa-20171004-waas1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1
Trust: 0.8
title:Cisco Wide Area Application Services Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75269
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009269 // 
            
            
            
            CNNVD: CNNVD-201710-051

EXTERNAL IDS
db:NVDid:CVE-2017-12267
Trust: 2.8
db:BIDid:101176
Trust: 2.0
db:JVNDBid:JVNDB-2017-009269
Trust: 0.8
db:CNNVDid:CNNVD-201710-051
Trust: 0.7
db:VULHUBid:VHN-102772
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102772 // 
            
            
            
            BID: 101176 // 
            
            
            
            JVNDB: JVNDB-2017-009269 // 
            
            
            
            CNNVD: CNNVD-201710-051 // 
            
            
            
            NVD: CVE-2017-12267

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171004-waas1
Trust: 2.0
url:http://www.securityfocus.com/bid/101176
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12267
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12267
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/routers/wide-area-application-services/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-102772 // 
            
            
            
            BID: 101176 // 
            
            
            
            JVNDB: JVNDB-2017-009269 // 
            
            
            
            CNNVD: CNNVD-201710-051 // 
            
            
            
            NVD: CVE-2017-12267

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101176

SOURCES
db:VULHUBid:VHN-102772
db:BIDid:101176
db:JVNDBid:JVNDB-2017-009269
db:CNNVDid:CNNVD-201710-051
db:NVDid:CVE-2017-12267

LAST UPDATE DATE
2025-04-20T23:22:10.195000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102772date:2019-10-09T00:00:00
db:BIDid:101176date:2017-10-04T00:00:00
db:JVNDBid:JVNDB-2017-009269date:2017-11-07T00:00:00
db:CNNVDid:CNNVD-201710-051date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12267date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-102772date:2017-10-05T00:00:00
db:BIDid:101176date:2017-10-04T00:00:00
db:JVNDBid:JVNDB-2017-009269date:2017-11-07T00:00:00
db:CNNVDid:CNNVD-201710-051date:2017-10-10T00:00:00
db:NVDid:CVE-2017-12267date:2017-10-05T07:29:00.667