PT-2013-4398 · Cisco · Cisco Waas

Published

2013-07-31

Updated

2017-08-29

CVE-2013-3443

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco WAAS Software versions 4.x through 5.0.3e Cisco WAAS Software versions 5.1.x through 5.1.1c Cisco WAAS Software versions 5.2.x through 5.2.1

Description The web service framework in Cisco WAAS Software allows remote attackers to execute arbitrary code via a crafted POST request. This issue is present in a Central Manager configuration.

Recommendations For Cisco WAAS Software versions 4.x through 5.0.3e, update to version 5.0.3e or later. For Cisco WAAS Software versions 5.1.x through 5.1.1c, update to version 5.1.1c or later. For Cisco WAAS Software versions 5.2.x through 5.2.1, update to version 5.2.1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-3443

Affected Products

Cisco Waas

PT-2013-4398 · Cisco · Cisco Waas

CVE-2013-3443

Weakness Enumeration

Related Identifiers

Affected Products

References · 8