PT-2013-4399 · Cisco · Cisco Cds-Is+7

Published: 2013-07-31 · Updated: 2017-08-29 · CVE-2013-3444

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco WAAS Software versions prior to 4.x and 5.x before 5.0.3e
Cisco WAAS Software versions 5.1.x before 5.1.1c
Cisco WAAS Software versions 5.2.x before 5.2.1
Cisco ACNS Software versions 4.x and 5.x before 5.5.29.2
Cisco ECDS Software versions 2.x before 2.5.6
Cisco CDS-IS Software versions 2.x before 2.6.3.b50
Cisco CDS-IS Software versions 3.1.x before 3.1.2b54
Cisco VDS-IS Software versions 3.2.x before 3.2.1.b9
Cisco VDS-SB Software versions 1.x before 1.1.0-b96
Cisco VDS-OE Software versions 1.x before 1.0.1
Cisco VDS-OS Software versions 1.x

Description

The issue allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields.

Recommendations

For Cisco WAAS Software versions prior to 4.x, update to version 4.x or later.
For Cisco WAAS Software versions 5.x before 5.0.3e, update to version 5.0.3e or later.
For Cisco WAAS Software versions 5.1.x before 5.1.1c, update to version 5.1.1c or later.
For Cisco WAAS Software versions 5.2.x before 5.2.1, update to version 5.2.1 or later.
For Cisco ACNS Software versions 4.x and 5.x before 5.5.29.2, update to version 5.5.29.2 or later.
For Cisco ECDS Software versions 2.x before 2.5.6, update to version 2.5.6 or later.
For Cisco CDS-IS Software versions 2.x before 2.6.3.b50, update to version 2.6.3.b50 or later.
For Cisco CDS-IS Software versions 3.1.x before 3.1.2b54, update to version 3.1.2b54 or later.
For Cisco VDS-IS Software versions 3.2.x before 3.2.1.b9, update to version 3.2.1.b9 or later.
For Cisco VDS-SB Software versions 1.x before 1.1.0-b96, update to version 1.1.0-b96 or later.
For Cisco VDS-OE Software versions 1.x before 1.0.1, update to version 1.0.1 or later.
For Cisco VDS-OS Software versions 1.x, update to a version that is not in central-management mode or apply the necessary patch.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2013-3444

Affected Products

Cisco Acns
Cisco Cds-Is
Cisco Ecds
Cisco Vds-Is
Cisco Vds-Oe
Cisco Vds-Os
Cisco Vds-Sb
Cisco Waas