Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Wide Area Application Services, CDS, VDS, CDM code execution
Published:12.08.2013
Source:
SecurityVulns ID:13248
Type:remote
Threat Level:
7/10
Description:Code execution via HTTP POST request, privilege escalation.
Affected:CISCO : Cisco WAAS
 CISCO : Cisco ACNS
 CISCO : Cisco ECDS
 CISCO : Cisco CDS-IS
 CISCO : Cisco VDS-IS
 CISCO : Cisco VDS-SB
 CISCO : Cisco VDS-OE
 CISCO : Cisco VDS-OS
CVE:CVE-2013-3444 (The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.)
 CVE-2013-3443 (The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.)
Files:Cisco WAAS Central Manager Remote Code Execution Vulnerability
 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod