CVE-2017-6628

Name of the Vulnerable Software and Affected Versions Cisco Wide Area Application Services (WAAS) versions 6.2.1 through 6.2.3a

Description A vulnerability in the SMART-SSL Accelerator functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this by establishing a SMART-SSL connection and sending a crafted stream of SSL/TLS traffic, causing WAN optimization to stop processing traffic for a short period.

Recommendations For Cisco Wide Area Application Services (WAAS) versions 6.2.1 through 6.2.3a, consider temporarily disabling the SMART-SSL Accelerator functionality until a patch is available to prevent exploitation. Restrict access to the SMART-SSL connection to minimize the risk of a denial of service condition. Avoid using the SMART-SSL Accelerator functionality in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.