CVE-2014-3285
Description
Cisco WAAS 5.3(.5a) and earlier, with SharePoint acceleration enabled, can be DoS'd via a crafted SharePoint response due to improper parsing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco WAAS 5.3(.5a) and earlier, with SharePoint acceleration enabled, can be DoS'd via a crafted SharePoint response due to improper parsing.
Vulnerability
Cisco Wide Area Application Services (WAAS) versions 5.3(.5a) and earlier, when SharePoint acceleration is enabled, contain a vulnerability in parsing SharePoint responses. A crafted SharePoint application can trigger a denial of service condition by causing the application-optimization handler to reload. This issue is tracked as Bug ID CSCue47674 [1].
Exploitation
An attacker must deliver a crafted SharePoint response to the affected Cisco WAAS device. No authentication is required; the attacker only needs network access to deliver the malicious response. The vulnerability is triggered during the parsing process when SharePoint acceleration is active [1].
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the application-optimization handler to reload. This disrupts the acceleration service but does not lead to unauthorized data access or code execution [1].
Mitigation
Cisco has not released a software update for this vulnerability as of the publication date. The vendor recommends disabling SharePoint acceleration if possible, or applying access control lists to limit exposure to trusted SharePoint servers. No workaround was provided in the available references [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16cpe:2.3:a:cisco:wide_area_application_services:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:cisco:wide_area_application_services:*:*:*:*:*:*:*:*range: <=5.3\(.5a\)
- cpe:2.3:a:cisco:wide_area_application_services:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.2\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3\(.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3\(.5\):*:*:*:*:*:*:*
- Range: <=5.3(.5a)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
- www.securityfocus.com/bid/67696nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1030307nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/58806nvdPermissions Required
News mentions
0No linked articles in our index yet.