PT-2012-3201 · Cisco · Cisco Waas
Published
2012-08-06
·
Updated
2012-08-07
·
CVE-2012-1348
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Wide Area Application Services (WAAS) appliances version 4.4
Cisco Wide Area Application Services (WAAS) appliances version 5.0
Cisco Wide Area Application Services (WAAS) appliances version 5.1
Description
The issue allows remote attackers to potentially obtain sensitive information via a brute-force attack on a one-way hash of a password included within output text.
Recommendations
For version 4.4, update to a version that does not include the vulnerable password hash output.
For version 5.0, update to a version that does not include the vulnerable password hash output.
For version 5.1, update to a version that does not include the vulnerable password hash output.
As a temporary workaround, consider restricting access to the output text that includes the password hash to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Waas