CVE-2013-3443

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/95877
http://secunia.com/advisories/54367
http://secunia.com/advisories/54372
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm	Vendor Advisory
http://www.securityfocus.com/bid/61542
http://www.securitytracker.com/id/1028851
https://exchange.xforce.ibmcloud.com/vulnerabilities/86121

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:4.0.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.3:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.5:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.7:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.9:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.11:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.13:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.17:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.19:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.21:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.23:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.25:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.0.27:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:4.1.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.1.1:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.1:b::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.1:c::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.1:d::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.3:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.1.3:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.3:b::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:b::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:c::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:d::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:e::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:f::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.5:g::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.7:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.1.7:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.1.7:b::::::

Configuration 3 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:4.2.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.2.3:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.2.3:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.2.3:b::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.2.3:c::::::

Configuration 4 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:4.3.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.3.3:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.3.5:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.3.5:a::::::

Configuration 5 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:4.4.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.4.3:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.4.3:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.3:b::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.3:c::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.5:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:4.4.5:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.5:b::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.5:c::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.5:d::::::
	cpe:2.3:a:cisco:wide_area_application_services:4.4.7:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:5.0.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:5.0.3:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:5.0.3:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:5.0.3:c::::::
	cpe:2.3:a:cisco:wide_area_application_services:5.0.3:d::::::

Configuration 7 (hide)

OR	cpe:2.3:a:cisco:wide_area_application_services:5.1.1:::::::*
	cpe:2.3:a:cisco:wide_area_application_services:5.1.1:a::::::
	cpe:2.3:a:cisco:wide_area_application_services:5.1.1:b::::::

Configuration 8 (hide)

cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-08-01 13:32

Updated : 2017-08-29 01:33

NVD link : CVE-2013-3443

Mitre link : CVE-2013-3443

CVE.ORG link : CVE-2013-3443

JSON object : View

Products Affected

cisco

wide_area_application_services

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-3443", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-01T13:32:30.387", "references": [{"url": "http://osvdb.org/95877", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/54367", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/54372", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/61542", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1028851", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86121", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626."}, {"lang": "es", "value": "El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1 con una configuraci\u00f3n como Central Manager (CM), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n POST manipulada. Aka Bug ID CSCuh26626."}], "lastModified": "2017-08-29T01:33:23.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8A2CC13-7854-4AC2-8550-5CE56EC47371"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18790F69-C8E4-4562-B327-11C3E3E3C344"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60439F29-ED59-4A64-BA5C-BAD560F8EEF2"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3773CE5E-D27E-46A0-B2EC-4693747FCFD3"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A813F07A-0429-4C5F-B821-EDAB74B93072"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "563442F9-81B4-48C7-BF78-4993C870047E"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC96EADC-B910-4E8F-872B-9B418325B8BE"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD862F3-EA53-44D6-8646-E8C825CF239D"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826DB554-4F11-4FBD-AA4E-E86C6D100D72"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0C914D-633E-47A2-95BB-B95E920E9556"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1327E35-DE7C-4A3B-8777-D9403EFE754A"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13F3FE7E-4FCA-48C4-83FE-C0087DDAD5B1"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.0.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16FE683-E466-4023-8859-B56A3AD12648"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2A08E1E-D4AC-4021-AB43-8166F4EAD9A1"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093206E6-6D96-441C-A718-36827C2A3750"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "839EFA10-529F-441D-87F0-1EDC6F40F731"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F98A53E-DD8C-44E0-B138-B678A499FAD0"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.1:d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A23B4B-3E6B-43A2-A1C4-D9A11FCC59AC"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB41F77E-D6C7-4E8D-8EF3-12451057F3D4"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF1AECDF-4333-4705-97F6-8D0B091B6000"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.3:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BF9647A-FDA1-48C2-80FE-430552D61638"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D3E92F6-2FD5-45D1-A273-20C6E9970AC0"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2D3596A-9E11-450C-807D-406BD0A1A806"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7C9941C-C1EC-4F49-893A-0D3AD7DE76E3"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9D0FDCE-1B72-470D-B027-37FB5DCB8647"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:e:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE1C168B-65F8-449E-9EC8-6229EEDD3166"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:f:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A547E973-DE4B-4A39-A132-6FF9A663E91B"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.5:g:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB483EDF-529B-4C21-9ADB-776430B24921"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14FBC408-7B98-414E-AA8B-B9B644CEA4D4"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B1EF08-52EC-4B7E-80EA-A2C98C64D206"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.1.7:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC53B795-F475-4306-87DD-D37EB9F19189"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E02CBEA1-34F1-4E21-8329-8BC11AC14C8F"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C42C0832-1061-42DF-8F90-6EE69BD62E60"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADF2B1A0-9D42-4E7C-A3E5-0AD35EEFEF5D"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0D159D-818B-4E6D-B57F-BEBA9A27C805"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.2.3:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26830D5F-F5EA-4E91-BFAC-31F0D0A1229D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "651AD3E6-06AA-4AAD-802B-748E4FA2376C"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D6E0A1-AB8D-4F3D-B95B-0584785F75B2"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4D0FB0B-E392-4535-BCD2-9BF485765B12"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.3.5:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "203B4800-18F8-47E2-B6EB-03DB9B31608A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DEC1811-94D3-4BA3-B10E-07FE916B6022"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C954B9A-42A1-4B83-ABFB-69CFE9E8C6B7"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "989B17E6-B366-4F38-A7AD-E0A37D1FFBAE"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F622C2B-B6C3-48F8-BE2D-BBE3AF388F97"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.3:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FD954CF-9C7C-4BC1-B847-E15BEA14B7F9"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A4612F9-4DFC-489B-83B9-FAA2D49CC740"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7EA263B-CDA5-40BC-88AA-DFAA2C118C93"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "346EDFB4-2519-4F8D-B260-AD1C476FB6F1"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "070C7194-4D9B-4DBD-93A9-1720746875CE"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.5:d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93E106B4-3E58-4DDA-A3B1-DCF18CABA42A"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:4.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "498970B4-AE0A-4B5B-B365-8F8320C7C860"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A96DA8-43BF-4D5D-97B5-1599B533FBC1"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5569334B-C66D-49EE-956E-8A6AD32532DA"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4C93313-B465-4530-9B67-782B40678228"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF1DA0E6-3653-4903-B90E-07DDFA90CF53"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.0.3:d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7473878-7A5A-4532-B268-207EA9A694E3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BB7F3B8-82D6-43CF-A94D-435BE14EE080"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CE19FB0-0235-4B62-ACFE-50BD8B135E65"}, {"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.1.1:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4087380-469A-4B09-BD1D-7792671E3A99"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50EAC274-984F-4F3C-A129-E9864CA982B0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}

10.0 /10