Vulnerability Description
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wide Area Application Services | 4.1.1 |
| Cisco | Application And Content Networking System Software | 4.1.3 |
| Cisco | Enterprise Content Delivery Network Software | 2.0 |
| Cisco | Internet Streamer Content Delivery System | 2.0 |
| Cisco | Videoscape Delivery System For Internet Streamer | 1.0.0 |
| Cisco | Videoscape Delivery System Origin Server | 1.0 |
| Cisco | Videoscape Distribution Suite Optimization Engine | 1.0.0 |
| Cisco | Videoscape Distribution Suite Service Broker | 1.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/54367
- http://secunia.com/advisories/54369
- http://secunia.com/advisories/54370
- http://secunia.com/advisories/54372
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/61543
- http://www.securitytracker.com/id/1028852
- http://www.securitytracker.com/id/1028853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86122
- http://secunia.com/advisories/54367
- http://secunia.com/advisories/54369
- http://secunia.com/advisories/54370
- http://secunia.com/advisories/54372
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/61543
FAQ
What is CVE-2013-3444?
CVE-2013-3444 is a vulnerability with a CVSS score of 9.0 (HIGH). The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before ...
How severe is CVE-2013-3444?
CVE-2013-3444 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3444?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wide Area Application Services, Cisco Application And Content Networking System Software, Cisco Enterprise Content Delivery Network Software, Cisco Internet Streamer Content Delivery System, Cisco Videoscape Delivery System For Internet Streamer.