Cisco Wide Area Application Services Partial Denial of Service Vulnerability

A vulnerability in Cisco Wide Area Application Services (WAAS) software, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to cause a reload of the application optimization handler.

The vulnerability is due to incorrect parsing of SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to cause partial service disruptions during the reload of the application optimization handler.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit the vulnerability, the attacker may provide a link that directs a user to a site that contains a malicious SharePoint application and use misleading language or instructions to persuade the user to follow the provided link.