Home / vulnerabilities Cisco Security Advisory 20160127-waascifs
Posted on 29 January 2016
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Wide Area Application Service CIFS Denial of Service Vulnerability
Advisory ID: cisco-sa-20160127-waascifs
Revision 1.0
For Public Release 2016 January 27 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Common Internet File System (CIFS) optimization
feature of the Cisco Wide Area Application Service (WAAS) device could
allow an unauthenticated, remote attacker to perform a resource
consumption attack which, could result in a complete denial of service
(DoS) condition.
The vulnerability is due to insufficient flow handling of incoming CIFS
traffic. An attacker could exploit this vulnerability by sending
malicious traffic designed to trigger the vulnerability. An exploit
could allow the attacker to cause a DoS condition by exhausting system
buffering resources, resulting in a reload of the affected device.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVqfRmq89gD3EAJB5AQJDDxAAn8gJTfbn8TEzTYDMNETTOy3xObGLUA6f
70wnslFvQz4hgV4J9Op6PC54PtEyuu9DE2w2cS2QfOGmIUN1zH1+/C7HSRCaS5xc
nYftgXwI/aW4bay9mUDi5ONiz/6akZrSQ9uJhsTvs+UWe0UmMy1UTeOUj738P8g4
pwjaMgSWoxp5uyHGfGg3fs5ZUIajb/VbpMMV55p3J267W/Hbq6JPOp7VkZ6IAF6p
q47BjgWzPLtTOTzlEce5U/QRrHD3nSCMp3o6jZEupJV+oX6UlrjFIEz/rYunlFDp
wzOsvl3qgzK4Nk9x3obmBbVCbYqJoRgEC8RBOHAFfs8cOrT3tKSTYhGdnfxt2+Nw
NbEV/6QoMDb6fQA45hTbL5wQxm4ZRkghMhynnfK4mZF6be/vySa5rywAOrTXmeqf
h2P7QxxcH2AW64nx8EN2sPnKQNVckwp6aOtAYAKsZGU3ig5OCNu6BzggVyvSrFHw
oD5UffKaWcmsKq7c+y3G8eyNep0wlmjZsai/TlrpKPMWyr5Tu/xD0SavJJXtu/o8
B+BF8xG8Fft60gE1hD6aWCYOna0MGYx6ElFIBxnOs69f7DREpvuEFunyUsrV0kL4
5+Zh1pL+G2thymron/FLZl98itQInoHhXCFlkjg3fz5CL/rZbeEkXNXDbK/Dh8ii
dc5T22b+OmA=
=76fK
-----END PGP SIGNATURE-----