Details of VAR-201308-0090

ID

VAR-201308-0090

CVE

CVE-2013-3443

TITLE

Cisco WAAS Software of Web Vulnerability to execute arbitrary code in service framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-003630

DESCRIPTION

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. Vendors have confirmed this vulnerability Bug ID CSCuh26626 It is released as.Skillfully crafted by a third party POST Arbitrary code may be executed via a request. Cisco Wide Area Application Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue is being tracked by Cisco bug ID CSCuh26626. This software is mainly used in the link environment with small bandwidth and large delay. Cisco WAAS Software 4.x, Cisco WAAS Software 5.x prior to 5.0.3e, Cisco WAAS Software 5.1.x prior to 5.1.1c, Cisco WAAS Software 5.2.x prior to 5.2.1 are affected

Trust: 1.98

sources: NVD: CVE-2013-3443 // JVNDB: JVNDB-2013-003630 // BID: 61542 // VULHUB: VHN-63445

AFFECTED PRODUCTS

vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.23	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.25	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.19	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.3	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.27	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.7	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.21	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.0.3	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.11	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.17	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.3.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.3	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.13	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.3.3	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.3.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.2	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.7	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.9	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.2.3	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.7	Trust: 1.0
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.0.3e	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.1.1c	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.2.x	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.2.1	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.1.x	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.x	Trust: 0.8

sources: JVNDB: JVNDB-2013-003630 // CNNVD: CNNVD-201307-685 // NVD: CVE-2013-3443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3443
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3443
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201307-685
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-63445
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3443
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63445
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63445 // JVNDB: JVNDB-2013-003630 // CNNVD: CNNVD-201307-685 // NVD: CVE-2013-3443

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-63445 // JVNDB: JVNDB-2013-003630 // NVD: CVE-2013-3443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-685

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201307-685

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003630

PATCH

title:	cisco-sa-20130731-waascm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm	Trust: 0.8
title:	30211	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30211	Trust: 0.8
title:	cisco-sa-20130731-waascm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119242_cisco-sa-20130731-waascm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003630

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3443	Trust: 2.8
db:	BID	id:	61542	Trust: 2.0
db:	SECUNIA	id:	54367	Trust: 1.1
db:	SECUNIA	id:	54372	Trust: 1.1
db:	SECTRACK	id:	1028851	Trust: 1.1
db:	OSVDB	id:	95877	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003630	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-685	Trust: 0.7
db:	CISCO	id:	20130731 CISCO WAAS CENTRAL MANAGER REMOTE CODE EXECUTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-63445	Trust: 0.1

sources: VULHUB: VHN-63445 // BID: 61542 // JVNDB: JVNDB-2013-003630 // CNNVD: CNNVD-201307-685 // NVD: CVE-2013-3443

REFERENCES

url:	http://www.securityfocus.com/bid/61542	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130731-waascm	Trust: 1.7
url:	http://osvdb.org/95877	Trust: 1.1
url:	http://www.securitytracker.com/id/1028851	Trust: 1.1
url:	http://secunia.com/advisories/54367	Trust: 1.1
url:	http://secunia.com/advisories/54372	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/86121	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3443	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3443	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-63445 // BID: 61542 // JVNDB: JVNDB-2013-003630 // CNNVD: CNNVD-201307-685 // NVD: CVE-2013-3443

CREDITS

Cisco

Trust: 0.9

sources: BID: 61542 // CNNVD: CNNVD-201307-685

SOURCES

db:	VULHUB	id:	VHN-63445
db:	BID	id:	61542
db:	JVNDB	id:	JVNDB-2013-003630
db:	CNNVD	id:	CNNVD-201307-685
db:	NVD	id:	CVE-2013-3443

LAST UPDATE DATE

2025-04-11T23:05:36.259000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63445	date:	2017-08-29T00:00:00
db:	BID	id:	61542	date:	2013-08-01T20:35:00
db:	JVNDB	id:	JVNDB-2013-003630	date:	2013-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201307-685	date:	2013-08-06T00:00:00
db:	NVD	id:	CVE-2013-3443	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63445	date:	2013-08-01T00:00:00
db:	BID	id:	61542	date:	2013-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2013-003630	date:	2013-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201307-685	date:	2013-07-31T00:00:00
db:	NVD	id:	CVE-2013-3443	date:	2013-08-01T13:32:30.387