製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco Wide Area Application Services および Cisco Virtual Wide Area Application Services におけるバッファエラーの脆弱性

Title	Cisco Wide Area Application Services および Cisco Virtual Wide Area Application Services におけるバッファエラーの脆弱性
Summary	Cisco Wide Area Application Services (WAAS) および Cisco Virtual Wide Area Application Services (vWAAS) には、バッファエラーの脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCve74457 として公開しています。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 4, 2017, midnight
Registration Date	Nov. 7, 2017, 5:19 p.m.
Last Update	Nov. 7, 2017, 5:19 p.m.

Affected System

シスコシステムズ

Cisco Virtual Wide Area Application Services ソフトウエア

Cisco Wide Area Application Services ソフトウェア

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-12267	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12267
National Vulnerability Database (NVD)
2	CVE-2017-12267	https://nvd.nist.gov/vuln/detail/CVE-2017-12267

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-20171004-waas1	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1

Change Log

No	Changed Details	Date of change
0	[2017年11月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-12267

Summary	A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457.
Publication Date	Oct. 5, 2017, 4:29 p.m.
Registration Date	Jan. 26, 2021, 1:13 p.m.
Last Update	Nov. 21, 2024, 12:09 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:wide_area_application_services:6.2\(3b\):::::::*
cpe:2.3:a:cisco:virtual_wide_area_application_services:6.2\(3b\):::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/101176	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/101176	Third Party Advisory VDB Entry
3	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1	Vendor Advisory
4	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html