Published: 24/03/2016 Updated: 03/12/2016
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 up to and including 15.5 allows remote malicious users to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.

Affected Products

Vendor Product Versions
CiscoIos15.1\(2\)gc, 15.1\(2\)gc1, 15.1\(2\)gc2, 15.1\(2\)t, 15.1\(2\)t0a, 15.1\(2\)t1, 15.1\(2\)t2, 15.1\(2\)t2a, 15.1\(2\)t3, 15.1\(2\)t4, 15.1\(2\)t5, 15.1\(3\)t, 15.1\(3\)t1, 15.1\(3\)t2, 15.1\(3\)t3, 15.1\(3\)t4, 15.1\(4\)gc, 15.1\(4\)gc1, 15.1\(4\)gc2, 15.1\(4\)m, 15.1\(4\)m1, 15.1\(4\)m2, 15.1\(4\)m3, 15.1\(4\)m3a, 15.1\(4\)m4, 15.1\(4\)m5, 15.1\(4\)m6, 15.1\(4\)m7, 15.1\(4\)m8, 15.1\(4\)m9, 15.1\(4\)m10, 15.2\(1\)gc, 15.2\(1\)gc1, 15.2\(1\)gc2, 15.2\(1\)t, 15.2\(1\)t1, 15.2\(1\)t2, 15.2\(1\)t3, 15.2\(1\)t3a, 15.2\(1\)t4, 15.2\(2\)gc, 15.2\(2\)ja, 15.2\(2\)ja1, 15.2\(2\)jax, 15.2\(2\)jax1, 15.2\(2\)jb, 15.2\(2\)jb2, 15.2\(2\)jb3, 15.2\(2\)jb4, 15.2\(2\)jb5, 15.2\(2\)jn1, 15.2\(2\)jn2, 15.2\(2\)t, 15.2\(2\)t1, 15.2\(2\)t2, 15.2\(2\)t3, 15.2\(2\)t4, 15.2\(3\)gc, 15.2\(3\)gc1, 15.2\(3\)t, 15.2\(3\)t1, 15.2\(3\)t2, 15.2\(3\)t3, 15.2\(3\)t4, 15.2\(4\)gc, 15.2\(4\)gc1, 15.2\(4\)gc2, 15.2\(4\)gc3, 15.2\(4\)ja, 15.2\(4\)ja1, 15.2\(4\)jb, 15.2\(4\)jb1, 15.2\(4\)jb2, 15.2\(4\)jb3, 15.2\(4\)jb3a, 15.2\(4\)jb3b, 15.2\(4\)jb3h, 15.2\(4\)jb3s, 15.2\(4\)jb4, 15.2\(4\)jb5, 15.2\(4\)jb5m, 15.2\(4\)jb6, 15.2\(4\)jb7, 15.2\(4\)jb50, 15.2\(4\)jn, 15.2\(4\)m, 15.2\(4\)m1, 15.2\(4\)m2, 15.2\(4\)m3, 15.2\(4\)m4, 15.2\(4\)m5, 15.2\(4\)m6, 15.2\(4\)m6a, 15.2\(4\)m7, 15.2\(4\)m8, 15.2\(4\)m9, 15.3\(1\)t, 15.3\(1\)t1, 15.3\(1\)t2, 15.3\(1\)t3, 15.3\(1\)t4, 15.3\(2\)t, 15.3\(2\)t1, 15.3\(2\)t2, 15.3\(2\)t3, 15.3\(2\)t4, 15.3\(3\)ja, 15.3\(3\)ja1, 15.3\(3\)ja1m, 15.3\(3\)ja1n, 15.3\(3\)ja4, 15.3\(3\)ja5, 15.3\(3\)ja77, 15.3\(3\)jaa, 15.3\(3\)jab, 15.3\(3\)jax, 15.3\(3\)jax1, 15.3\(3\)jax2, 15.3\(3\)jb, 15.3\(3\)jb75, 15.3\(3\)jbb1, 15.3\(3\)jbb2, 15.3\(3\)jbb4, 15.3\(3\)jbb5, 15.3\(3\)jbb6, 15.3\(3\)jbb50, 15.3\(3\)jn3, 15.3\(3\)jn4, 15.3\(3\)jn7, 15.3\(3\)jnb, 15.3\(3\)jnb1, 15.3\(3\)jnb2, 15.3\(3\)jnc, 15.3\(3\)m, 15.3\(3\)m1, 15.3\(3\)m2, 15.3\(3\)m3, 15.3\(3\)m4, 15.3\(3\)m5, 15.3\(3\)m6, 15.4\(1\)cg, 15.4\(1\)cg1, 15.4\(1\)t, 15.4\(1\)t1, 15.4\(1\)t2, 15.4\(1\)t3, 15.4\(1\)t4, 15.4\(2\)cg, 15.4\(2\)t, 15.4\(2\)t1, 15.4\(2\)t2, 15.4\(2\)t3, 15.4\(2\)t4, 15.4\(3\)m, 15.4\(3\)m1, 15.4\(3\)m2, 15.4\(3\)m3, 15.4\(3\)m4, 15.5\(1\)t, 15.5\(1\)t1, 15.5\(1\)t2, 15.5\(2\)t, 15.5\(2\)t1, 15.5\(2\)t2, 15.5\(3\)m0a

Vendor Advisories

A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload The vulnerability is due to insufficient validation of TCP segments An attacker could exploit this vulnerability by routing a crafted TCP segment through an aff ...