CVE-2017-6721
MEDIUMCisco Wide Area Application Services - Denial of Service via Fragmented TCP Packet Processing
Title source: llmDescription
A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22).
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038747
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99200
Scores
CVSS v3
5.3
EPSS
0.0220
EPSS Percentile
80.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-20
Status
published
Products (2)
cisco/wide_area_application_services
6.3\(1\)
n/a/Cisco Wide Area Application Services
Cisco Wide Area Application Services
Published
Jul 04, 2017
Tracked Since
Feb 18, 2026