PT-2013-4399 · Cisco · Cisco Cds-Is+7

Published: 2013-07-31 · Updated: 2017-08-29 · CVE-2013-3444

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco WAAS Software versions prior to 4.x and 5.x before 5.0.3e
Cisco WAAS Software versions 5.1.x before 5.1.1c
Cisco WAAS Software versions 5.2.x before 5.2.1
Cisco ACNS Software versions 4.x and 5.x before 5.5.29.2
Cisco ECDS Software versions 2.x before 2.5.6
Cisco CDS-IS Software versions 2.x before 2.6.3.b50
Cisco CDS-IS Software versions 3.1.x before 3.1.2b54
Cisco VDS-IS Software versions 3.2.x before 3.2.1.b9
Cisco VDS-SB Software versions 1.x before 1.1.0-b96
Cisco VDS-OE Software versions 1.x before 1.0.1
Cisco VDS-OS Software versions 1.x

Description

The issue allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields.

Recommendations

For Cisco WAAS Software versions prior to 4.x, update to version 4.x or later.
For Cisco WAAS Software versions 5.x before 5.0.3e, update to version 5.0.3e or later.
For Cisco WAAS Software versions 5.1.x before 5.1.1c, update to version 5.1.1c or later.
For Cisco WAAS Software versions 5.2.x before 5.2.1, update to version 5.2.1 or later.
For Cisco ACNS Software versions 4.x and 5.x before 5.5.29.2, update to version 5.5.29.2 or later.
For Cisco ECDS Software versions 2.x before 2.5.6, update to version 2.5.6 or later.
For Cisco CDS-IS Software versions 2.x before 2.6.3.b50, update to version 2.6.3.b50 or later.
For Cisco CDS-IS Software versions 3.1.x before 3.1.2b54, update to version 3.1.2b54 or later.
For Cisco VDS-IS Software versions 3.2.x before 3.2.1.b9, update to version 3.2.1.b9 or later.
For Cisco VDS-SB Software versions 1.x before 1.1.0-b96, update to version 1.1.0-b96 or later.
For Cisco VDS-OE Software versions 1.x before 1.0.1, update to version 1.0.1 or later.
For Cisco VDS-OS Software versions 1.x, update to a version that is not in central-management mode or apply the necessary patch.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2013-3444

Affected Products

Cisco Acns
Cisco Cds-Is
Cisco Ecds
Cisco Vds-Is
Cisco Vds-Oe
Cisco Vds-Os
Cisco Vds-Sb
Cisco Waas