Software: Cisco Wide Area Application Services (WAAS)
Description:
A vulnerability has been reported in Cisco Wide Area Application Services (WAAS), which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in Edge Services, which uses CIFS optimisation, when handling packets sent to ports 139/TCP and 445/TCP. This can be exploited to cause a device running WAAS to stop processing all traffic by sending a TCP SYN flood to port 139/TCP or 445/TCP.
Successful exploitation requires that WAAS is configured for Edge Services.
The vulnerability is reported in WAE appliances and the NM-WAE-502 network modules running WAAS versions 4.0.7 or 4.0.9.
Solution:
Update to version 4.0.11.
Subscribe to:
Post Comments (Atom)
1 comment:
Interesting to know.
Post a Comment