Vulnerability Details : CVE-2017-12250
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2017-12250
- cpe:2.3:a:cisco:wide_area_application_services:6.2\(3a\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12250
- 0.13%: Probability of exploitation activity in the next 30 days
- ~49%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2017-12250
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
- Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2017-12250
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas
  Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/100928
  Cisco Wide Area Application Services CVE-2017-12250 Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1039415
  Cisco Wide Area Application Services Lets Remote Users Cause the Target Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry)