A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of TCP segments.

An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device.

A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition.

To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software.
In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface.
In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f

This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities.

All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of advisories and links to them, see Cisco Event Response: Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of TCP segments.

An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device.

A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition.

To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software.
In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface.
In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f

This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities.

All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of advisories and links to them, see Cisco Event Response: Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2016-1347