10

CVE-2013-3443

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoWide Area Application Services Version4.1.1 Updatea
CiscoWide Area Application Services Version4.1.1 Updateb
CiscoWide Area Application Services Version4.1.1 Updatec
CiscoWide Area Application Services Version4.1.1 Updated
CiscoWide Area Application Services Version4.1.3 Updatea
CiscoWide Area Application Services Version4.1.3 Updateb
CiscoWide Area Application Services Version4.1.5 Updatea
CiscoWide Area Application Services Version4.1.5 Updateb
CiscoWide Area Application Services Version4.1.5 Updatec
CiscoWide Area Application Services Version4.1.5 Updated
CiscoWide Area Application Services Version4.1.5 Updatee
CiscoWide Area Application Services Version4.1.5 Updatef
CiscoWide Area Application Services Version4.1.5 Updateg
CiscoWide Area Application Services Version4.1.7 Updatea
CiscoWide Area Application Services Version4.1.7 Updateb
CiscoWide Area Application Services Version4.2.3 Updatea
CiscoWide Area Application Services Version4.2.3 Updateb
CiscoWide Area Application Services Version4.2.3 Updatec
CiscoWide Area Application Services Version4.3.5 Updatea
CiscoWide Area Application Services Version4.4.3 Updatea
CiscoWide Area Application Services Version4.4.3 Updateb
CiscoWide Area Application Services Version4.4.3 Updatec
CiscoWide Area Application Services Version4.4.5 Updatea
CiscoWide Area Application Services Version4.4.5 Updateb
CiscoWide Area Application Services Version4.4.5 Updatec
CiscoWide Area Application Services Version4.4.5 Updated
CiscoWide Area Application Services Version5.0.3 Updatea
CiscoWide Area Application Services Version5.0.3 Updatec
CiscoWide Area Application Services Version5.0.3 Updated
CiscoWide Area Application Services Version5.1.1 Updatea
CiscoWide Area Application Services Version5.1.1 Updateb
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/95877
http://secunia.com/advisories/54367
http://secunia.com/advisories/54372
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm
Vendor Advisory
http://www.securityfocus.com/bid/61542
http://www.securitytracker.com/id/1028851
https://exchange.xforce.ibmcloud.com/vulnerabilities/86121