CVE-2016-6437
Published on: 10/27/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:12 PM UTC
Certain versions of Wide Area Application Services from Cisco contain the following vulnerability:
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).
- CVE-2016-6437 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.9 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | HIGH | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 7.1 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | NONE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability | Vendor Advisory tools.cisco.com text/html |
![]() |
Cisco Wide Area Application Services Lets Remote Users Consume Excessive Disk Space Resources - SecurityTracker | www.securitytracker.com text/html |
![]() |
Cisco Wide Area Application Services CVE-2016-6437 Remote Denial of Service Vulnerability | cve.report (archive) text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5d:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5e:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5f:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.2.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.2.1a:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5d:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5e:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.3.5f:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.2.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.2.1a:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE