CVE-2007-3923 - OpenCVE

The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Wide Area Application Engine Wide Area Application Engine Nm-wae-502 Wide Area Application Services

Configuration 1 [-]

AND

OR	cpe:2.3:h:cisco:wide_area_application_engine::::::::
	cpe:2.3:h:cisco:wide_area_application_engine_nm-wae-502::::::::

OR	cpe:2.3:a:cisco:wide_area_application_services:4.0.7:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.9:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/26122
http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml
http://www.osvdb.org/36120
http://www.securityfocus.com/bid/24956
http://www.securitytracker.com/id?1018416
http://www.vupen.com/english/advisories/2007/2572
https://exchange.xforce.ibmcloud.com/vulnerabilities/35477

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-21T00:00:00

Updated: 2024-08-07T14:37:05.455Z

Reserved: 2007-07-20T00:00:00

Link: CVE-2007-3923

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-21T00:30:00.000

Modified: 2017-07-29T01:32:37.537

Link: CVE-2007-3923

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml"}, {"name": "ADV-2007-2572", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2572"}, {"name": "24956", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24956"}, {"name": "36120", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/36120"}, {"name": "cisco-waas-edgeservice-dos(35477)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477"}, {"name": "1018416", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018416"}, {"name": "26122", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26122"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml"}, {"name": "ADV-2007-2572", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2572"}, {"name": "24956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24956"}, {"name": "36120", "refsource": "OSVDB", "url": "http://www.osvdb.org/36120"}, {"name": "cisco-waas-edgeservice-dos(35477)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477"}, {"name": "1018416", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018416"}, {"name": "26122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26122"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:37:05.455Z"}, "title": "CVE Program Container", "references": [{"name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml"}, {"name": "ADV-2007-2572", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2572"}, {"name": "24956", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24956"}, {"name": "36120", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/36120"}, {"name": "cisco-waas-edgeservice-dos(35477)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477"}, {"name": "1018416", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018416"}, {"name": "26122", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26122"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3923", "datePublished": "2007-07-21T00:00:00", "dateReserved": "2007-07-20T00:00:00", "dateUpdated": "2024-08-07T14:37:05.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wide_area_application_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B05D957-4CD3-4489-B8AC-05DE3E8DC2D1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:wide_area_application_engine_nm-wae-502:*:*:*:*:*:*:*:*", "matchCriteriaId": "02245BBD-6655-4604-B158-C71D28736754", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3773CE5E-D27E-46A0-B2EC-4693747FCFD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A813F07A-0429-4C5F-B821-EDAB74B93072", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445."}, {"lang": "es", "value": "La optimizaci\u00f3n Common Internet File System (CIFS)de Cisco Wide Area Application Services (WAAS) 4.0.7 y 4.0.9, tal y como se usa en Cisco WAE appliance y el m\u00f3dulo de red NM-WAE-502, cuando Edge Services est\u00e1 configurado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de servicio) mediante una indundaci\u00f3n de paquetes TCP SYN al puerto (1) 139 \u00f3 (2) 445."}], "id": "CVE-2007-3923", "lastModified": "2017-07-29T01:32:37.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-21T00:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26122"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/36120"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24956"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1018416"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2572"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}