Skip to main content

Wide Area Application Services CVE-2014-2196

CRITICAL
Code Injection (CWE-94)
2014-05-26 psirt@cisco.com
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
May 26, 2014 - 00:25 cve.org
CRITICAL 9.3

DescriptionCVE.org

Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.

AnalysisAI

Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. Affected products include: Cisco Wide Area Application Services. Version information: before 5.1.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2013-3443 CRITICAL
10.0 Aug 01

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1

CVE-2013-3444 CRITICAL
9.0 Aug 01

The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1;

CVE-2015-6421 HIGH
7.5 Jan 27

cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) de

CVE-2017-6628 MEDIUM
6.8 May 03

A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, an

CVE-2018-0352 MEDIUM
6.7 Jun 07

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could al

CVE-2017-12256 MEDIUM
6.5 Oct 05

A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an u

CVE-2016-6437 MEDIUM
5.9 Oct 27

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauth

CVE-2021-1438 MEDIUM
5.5 May 06

A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to

CVE-2017-12250 MEDIUM
5.3 Sep 21

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated

CVE-2017-6727 MEDIUM
5.3 Jul 10

A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an

CVE-2017-6721 MEDIUM
5.3 Jul 04

A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could

CVE-2017-12267 MEDIUM
5.3 Oct 05

A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application

Share

CVE-2014-2196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy