CVE-2017-6628 : Security Advisory and Response

A vulnerability in the SMART-SSL Accelerator feature of Cisco Wide Area Application Services (WAAS) versions 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthorized remote attacker to disrupt services by causing a denial of service (DoS) situation.

Understanding CVE-2017-6628

This CVE involves a flaw in the SMART-SSL Accelerator feature of Cisco WAAS, potentially leading to a DoS scenario.

What is CVE-2017-6628?

The vulnerability arises from mishandling SSL/TLS alerts in a specific connection state, allowing attackers to interrupt WAN optimization by manipulating SSL/TLS traffic.

The Impact of CVE-2017-6628

Unauthorized remote attackers could exploit the vulnerability to disrupt services and cause a temporary halt in traffic processing.

Technical Details of CVE-2017-6628

The following technical details provide insight into the vulnerability and its implications.

Vulnerability Description

The flaw in the SMART-SSL Accelerator feature of Cisco WAAS versions 6.2.1, 6.2.1a, and 6.2.3a could lead to a DoS condition.

Affected Systems and Versions

Cisco Wide Area Application Services SMART-SSL Accelerator

Exploitation Mechanism

Attackers need to establish a SMART-SSL connection through the device and send manipulated SSL/TLS traffic to disrupt WAN optimization.

Mitigation and Prevention

Protecting systems from CVE-2017-6628 requires immediate actions and long-term security practices.

Immediate Steps to Take

Apply vendor-provided patches and updates promptly.
Monitor network traffic for any suspicious activity.
Implement firewall rules to restrict unauthorized access.

Long-Term Security Practices

Regularly update and patch all software and firmware.
Conduct security assessments and penetration testing to identify vulnerabilities.
Educate users and IT staff on cybersecurity best practices.

Patching and Updates

Cisco has released patches to address the vulnerability. Ensure timely installation of these updates.