ID CVE-2014-2196 Type cve Reporter cve@mitre.org Modified 2016-09-07T18:16:00
Description
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
{"securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-2196"], "description": "SharePoint prefetch memory corruption.", "edition": 1, "modified": "2014-05-30T00:00:00", "published": "2014-05-30T00:00:00", "id": "SECURITYVULNS:VULN:13798", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13798", "title": "Cisco Wide Area Application Services code execution", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2020-12-24T11:41:43", "bulletinFamily": "software", "cvelist": ["CVE-2014-2196"], "description": "A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.\n\nThe vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance.\n\nCisco has released software updates that address this vulnerability. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas\"]", "modified": "2014-05-21T14:37:34", "published": "2014-05-21T16:00:00", "id": "CISCO-SA-20140521-WAAS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas", "type": "cisco", "title": "Cisco Wide Area Application Services Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
