CVE-2015-6421 : cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) de

cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.

Published 2016-01-27 22:59:01

Updated 2016-12-07 18:20:14

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-6421

Probability of exploitation activity in the next 30 days: 0.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-6421

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-6421

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6421

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs

Cisco Wide Area Application Service CIFS Denial of Service Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1034831

Cisco Wide Area Application Services CIFS Flow Handling Flaw Lets Remote Users Consume Excessive Buffer Resources - SecurityTracker

Products affected by CVE-2015-6421

Cisco » Wide Area Application Services » Version: 5.1.1
cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.3.5
cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.3.3
cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.3.1
cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.2.1
cpe:2.3:a:cisco:wide_area_application_services:5.2.1:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.3.5c
cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.3.5b
cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.1.1c
cpe:2.3:a:cisco:wide_area_application_services:5.1.1c:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.1.1b
cpe:2.3:a:cisco:wide_area_application_services:5.1.1b:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.1.1d
cpe:2.3:a:cisco:wide_area_application_services:5.1.1d:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.3.5a
cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.1.1a
cpe:2.3:a:cisco:wide_area_application_services:5.1.1a:*:*:*:*:*:*:*
Matching versions
Cisco » Wide Area Application Services » Version: 5.2 Base
cpe:2.3:a:cisco:wide_area_application_services:5.2_base:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-6421

Exploit prediction scoring system (EPSS) score for CVE-2015-6421

CVSS scores for CVE-2015-6421

CWE ids for CVE-2015-6421

References for CVE-2015-6421

Products affected by CVE-2015-6421