CVE-2017-6730

Name of the Vulnerable Software and Affected Versions Cisco Wide Area Application Services (WAAS) versions 4.4(7) through 6.2(3) Cisco Wide Area Application Services (WAAS) version 6.2(1)

Description A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. This issue affects Cisco WAAS products configured with the Central Manager role, including Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, and Cisco Wide Area Application Services (WAAS) Modules.

Recommendations For versions 4.4(7) through 6.2(3), update to version 6.3(0.228) or later to resolve the issue. For version 6.2(1), update to version 6.2(3d)8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Central Manager function until a patch is available.