Details of VAR-201308-0091

ID

VAR-201308-0091

CVE

CVE-2013-3444

TITLE

plural Cisco Product Web Framework arbitrary command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003631

DESCRIPTION

The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. plural Cisco Product Web Framework central management mode (central-management mode) Contains a vulnerability that allows arbitrary command execution. Vendors have confirmed this vulnerability Bug ID CSCug40609 , CSCug48855 , CSCug48921 , CSCug48872 , CSCuh21103 , CSCuh21020 ,and CSCug56790 It is released as.By a remotely authenticated user GUI An arbitrary command may be executed by adding a specially crafted string to the field value. Multiple Cisco Content Network and Video Delivery products are prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an unprivileged attacker to execute arbitrary commands on the affected system and completely compromise the affected devices. This issue is being tracked by Cisco bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. Cisco Wide Area Application Services (WAAS) is a set of WAN link acceleration software from Cisco. This software is mainly used in the link environment with small bandwidth and large delay

Trust: 1.98

sources: NVD: CVE-2013-3444 // JVNDB: JVNDB-2013-003631 // BID: 61543 // VULHUB: VHN-63446

AFFECTED PRODUCTS

vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.5	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.3	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.1.7	Trust: 1.6
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.4.3.17	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.2.13.1	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.4.1.10	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.15.2	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite optimization engine	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.7.7	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.25	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.2.11.5	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.15.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.2.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.29	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.27	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.17.6	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.2.5	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.13.7	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.11.2	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite service broker	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	cisco	model:	videoscape delivery system for internet streamer	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.1.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.21	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.13.2	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.17	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.5.4	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.2.9.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.2.7.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.13.7	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	cisco	model:	internet streamer content delivery system	scope:	eq	version:	2.6	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.7	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.27	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.0.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.1.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.4	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.19	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.21	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.7.7	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.4.7.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.23	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	2.5.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.15.5	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.9.9	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite service broker	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	cisco	model:	videoscape delivery system for internet streamer	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	internet streamer content delivery system	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.3.15	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.3.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.9.9	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.3.1	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.9.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.2	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.23	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.5.9	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite service broker	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.11.6	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.1.7	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4.7	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	4.2.3	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.1.5.2	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.11.6	Trust: 1.0
vendor:	cisco	model:	videoscape delivery system origin server	scope:	eq	version:	1.0	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.3.5	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.4.5.7	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5.25	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.11	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.19	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.17	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0.7.10	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.3.1	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	videoscape delivery system for internet streamer	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	2.5.5	Trust: 1.0
vendor:	cisco	model:	internet streamer content delivery system	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.9	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.3.5	Trust: 1.0
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.0.13	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for internet streaming	scope:	lt	version:	3.2.x	Trust: 0.8
vendor:	cisco	model:	application and content networking system	scope:	eq	version:	5.5.29.2	Trust: 0.8
vendor:	cisco	model:	cds-is software	scope:	lt	version:	3.1.x	Trust: 0.8
vendor:	cisco	model:	cds-is software	scope:	eq	version:	2.6.3.b50	Trust: 0.8
vendor:	cisco	model:	ecds software	scope:	eq	version:	2.5.6	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.0.3e	Trust: 0.8
vendor:	cisco	model:	vds-oe software	scope:	lt	version:	1.x	Trust: 0.8
vendor:	cisco	model:	vds-sb software	scope:	eq	version:	1.1.0-b96	Trust: 0.8
vendor:	cisco	model:	vds-oe software	scope:	eq	version:	1.0.1	Trust: 0.8
vendor:	cisco	model:	cds-is software	scope:	lt	version:	2.x	Trust: 0.8
vendor:	cisco	model:	videoscape distribution suite for internet streaming	scope:	eq	version:	3.2.1.b9	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.1.x	Trust: 0.8
vendor:	cisco	model:	application and content networking system	scope:	lt	version:	5.x	Trust: 0.8
vendor:	cisco	model:	vds-sb software	scope:	lt	version:	1.x	Trust: 0.8
vendor:	cisco	model:	cds-is software	scope:	eq	version:	3.1.2b54	Trust: 0.8
vendor:	cisco	model:	vds-os software	scope:	eq	version:	1.x	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.2.1	Trust: 0.8
vendor:	cisco	model:	ecds software	scope:	lt	version:	2.x	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.1.1c	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.2.x	Trust: 0.8
vendor:	cisco	model:	application and content networking system	scope:	eq	version:	4.x	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.x	Trust: 0.8
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.5.17	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.5.11	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.5.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.11	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.0.3	Trust: 0.3

sources: BID: 61543 // JVNDB: JVNDB-2013-003631 // CNNVD: CNNVD-201308-002 // NVD: CVE-2013-3444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3444
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3444
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201308-002
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-63446
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3444
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63446
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63446 // JVNDB: JVNDB-2013-003631 // CNNVD: CNNVD-201308-002 // NVD: CVE-2013-3444

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-63446 // JVNDB: JVNDB-2013-003631 // NVD: CVE-2013-3444

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-002

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201308-002

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003631

PATCH

title:	cisco-sa-20130731-cm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm	Trust: 0.8
title:	30212	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30212	Trust: 0.8
title:	cisco-sa-20130731-cm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119241_cisco-sa-20130731-cm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003631

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3444	Trust: 2.8
db:	BID	id:	61543	Trust: 1.4
db:	SECUNIA	id:	54367	Trust: 1.1
db:	SECUNIA	id:	54372	Trust: 1.1
db:	SECUNIA	id:	54369	Trust: 1.1
db:	SECUNIA	id:	54370	Trust: 1.1
db:	SECTRACK	id:	1028853	Trust: 1.1
db:	SECTRACK	id:	1028852	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003631	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-002	Trust: 0.7
db:	CISCO	id:	20130731 AUTHENTICATED COMMAND INJECTION VULNERABILITY IN MULTIPLE CISCO CONTENT NETWORK AND VIDEO DELIVERY PRODUCTS	Trust: 0.6
db:	VULHUB	id:	VHN-63446	Trust: 0.1

sources: VULHUB: VHN-63446 // BID: 61543 // JVNDB: JVNDB-2013-003631 // CNNVD: CNNVD-201308-002 // NVD: CVE-2013-3444

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130731-cm	Trust: 1.7
url:	http://www.securityfocus.com/bid/61543	Trust: 1.1
url:	http://www.securitytracker.com/id/1028852	Trust: 1.1
url:	http://www.securitytracker.com/id/1028853	Trust: 1.1
url:	http://secunia.com/advisories/54367	Trust: 1.1
url:	http://secunia.com/advisories/54369	Trust: 1.1
url:	http://secunia.com/advisories/54370	Trust: 1.1
url:	http://secunia.com/advisories/54372	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/86122	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3444	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3444	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-63446 // BID: 61543 // JVNDB: JVNDB-2013-003631 // CNNVD: CNNVD-201308-002 // NVD: CVE-2013-3444

CREDITS

Cisco

Trust: 0.3

sources: BID: 61543

SOURCES

db:	VULHUB	id:	VHN-63446
db:	BID	id:	61543
db:	JVNDB	id:	JVNDB-2013-003631
db:	CNNVD	id:	CNNVD-201308-002
db:	NVD	id:	CVE-2013-3444

LAST UPDATE DATE

2025-04-11T23:05:36.226000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63446	date:	2017-08-29T00:00:00
db:	BID	id:	61543	date:	2013-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2013-003631	date:	2013-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201308-002	date:	2013-08-22T00:00:00
db:	NVD	id:	CVE-2013-3444	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63446	date:	2013-08-01T00:00:00
db:	BID	id:	61543	date:	2013-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2013-003631	date:	2013-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201308-002	date:	2013-08-22T00:00:00
db:	NVD	id:	CVE-2013-3444	date:	2013-08-01T13:32:30.397