CVE-2013-3384

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance versions prior to 7.1.3-013 Cisco Web Security Appliance versions prior to 7.5.0-838 Cisco Web Security Appliance versions prior to 7.7.0-550 Cisco Email Security Appliance versions prior to 7.1.5-104 Cisco Email Security Appliance versions prior to 7.3.2-026 Cisco Email Security Appliance versions prior to 7.5.2-203 Cisco Email Security Appliance versions prior to 7.6.3-019 Cisco Content Security Management Appliance versions prior to 7.2.2-110 Cisco Content Security Management Appliance versions prior to 7.7.0-213 Cisco Content Security Management Appliance versions prior to 7.9.1-102

Description The web framework in Cisco devices allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL.

Recommendations For Cisco Web Security Appliance versions prior to 7.1.3-013, update to version 7.1.3-013 or later. For Cisco Web Security Appliance versions prior to 7.5.0-838, update to version 7.5.0-838 or later. For Cisco Web Security Appliance versions prior to 7.7.0-550, update to version 7.7.0-550 or later. For Cisco Email Security Appliance versions prior to 7.1.5-104, update to version 7.1.5-104 or later. For Cisco Email Security Appliance versions prior to 7.3.2-026, update to version 7.3.2-026 or later. For Cisco Email Security Appliance versions prior to 7.5.2-203, update to version 7.5.2-203 or later. For Cisco Email Security Appliance versions prior to 7.6.3-019, update to version 7.6.3-019 or later. For Cisco Content Security Management Appliance versions prior to 7.2.2-110, update to version 7.2.2-110 or later. For Cisco Content Security Management Appliance versions prior to 7.7.0-213, update to version 7.7.0-213 or later. For Cisco Content Security Management Appliance versions prior to 7.9.1-102, update to version 7.9.1-102 or later.