CVE-2017-6721

MEDIUM

Cisco WAAS <6.3(1) - DoS

Title source: llm

Description

A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22).

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99200

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038747

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas

Scores

CVSS v3 5.3

EPSS 0.0082

EPSS Percentile 74.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-20

Status published

Products (2)

cisco/wide_area_application_services

n/a/Cisco Wide Area Application Services < Cisco Wide Area Application Services

Published Jul 04, 2017

Tracked Since Feb 18, 2026