CVE-2013-3384

https://notcve.org/view.php?id=CVE-2013-3384

The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579. El framework web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes v7.1.3-013, v7.5 antes de v7.5.0-838, y v7.7 antes de v7.7.0-550, dispositivos Email Security Appliance antes de v7.1.5-104, v7.3 antes de v7.3.2-026, v7.5 antes v7.5.2-203 y v7.6 antes v7.6.3-019, y dispositivos Content Security Management Appliance antes de v7.2.2-110, v7.7 antes de v7.7.0-213 y v7.8 y v7.9 antes de 7.9.1-102 permite a los usuarios remotos autenticados ejecutar código arbitrario a través de entrada de línea de comandos diseñado en una URL, también conocido como Bug ID CSCzv85726, CSCzv44633 y CSCzv24579. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa • CWE-94: Improper Control of Generation of Code ('Code Injection') •