Cisco Wide Area Application Services Partial Denial of Service Vulnerability

2014-05-28T18:08:15
ID CISCO-SA-20140528-CVE-2014-3285
Type cisco
Reporter Cisco
Modified 2014-05-28T18:08:09

Description

A vulnerability in Cisco Wide Area Application Services (WAAS) software, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to cause a reload of the application optimization handler.

The vulnerability is due to incorrect parsing of SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to cause partial service disruptions during the reload of the application optimization handler.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit the vulnerability, the attacker may provide a link that directs a user to a site that contains a malicious SharePoint application and use misleading language or instructions to persuade the user to follow the provided link.