CVE-2015-6421
First published: Wed Jan 27 2016(Updated: )
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Wide Area Application Services | =5.1.1 | |
| Cisco Wide Area Application Services | =5.1.1a | |
| Cisco Wide Area Application Services | =5.1.1b | |
| Cisco Wide Area Application Services | =5.1.1c | |
| Cisco Wide Area Application Services | =5.1.1d | |
| Cisco Wide Area Application Services | =5.2.1 | |
| Cisco Wide Area Application Services | =5.2_base | |
| Cisco Wide Area Application Services | =5.3.1 | |
| Cisco Wide Area Application Services | =5.3.3 | |
| Cisco Wide Area Application Services | =5.3.5 | |
| Cisco Wide Area Application Services | =5.3.5a | |
| Cisco Wide Area Application Services | =5.3.5b | |
| Cisco Wide Area Application Services | =5.3.5c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6421?
CVE-2015-6421 has a high severity rating as it allows remote attackers to cause a denial of service through crafted network traffic.
How do I fix CVE-2015-6421?
The recommended fix for CVE-2015-6421 is to upgrade the Cisco Wide Area Application Services to version 5.3.5d or later.
Which Cisco devices are affected by CVE-2015-6421?
CVE-2015-6421 affects Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices running certain versions prior to 5.3.5d.
What type of attack can exploit CVE-2015-6421?
CVE-2015-6421 can be exploited through a denial of service attack targeting resource consumption and device reload.
When was CVE-2015-6421 disclosed?
CVE-2015-6421 was disclosed on January 27, 2016, highlighting its potential impact on Cisco WAAS devices.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco wide area application services
- version/cisco wide area application services/5.1.1
- version/cisco wide area application services/5.1.1a
- version/cisco wide area application services/5.1.1b
- version/cisco wide area application services/5.1.1c
- version/cisco wide area application services/5.1.1d
- version/cisco wide area application services/5.2.1
- version/cisco wide area application services/5.2_base
- version/cisco wide area application services/5.3.1
- version/cisco wide area application services/5.3.3
- version/cisco wide area application services/5.3.5
- version/cisco wide area application services/5.3.5a
- version/cisco wide area application services/5.3.5b
- version/cisco wide area application services/5.3.5c