CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
81.1%
A vulnerability in Cisco Wide Area Application Services (WAAS) software, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to cause a reload of the application optimization handler.
The vulnerability is due to incorrect parsing of SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to cause partial service disruptions during the reload of the application optimization handler.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit the vulnerability, the attacker may provide a link that directs a user to a site that contains a malicious SharePoint application and use misleading language or instructions to persuade the user to follow the provided link.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | wide_area_application_services | any | cpe:2.3:a:cisco:wide_area_application_services:any:*:*:*:*:*:*:* |