CVSS: 10.0EPSS: 9%CPEs: 60EXPL: 0CVE-2013-3443
https://notcve.org/view.php?id=CVE-2013-3443
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1 con una configuración como Central Manager (CM), permite a atacantes remotos ejecutar código arbitrario a través de una petición POST manipulada. Aka Bug ID CSCuh26626. • http://osvdb.org/95877 http://secunia.com/advisories/54367 http://secunia.com/advisories/54372 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm http://www.securityfocus.com/bid/61542 http://www.securitytracker.com/id/1028851 https://exchange.xforce.ibmcloud.com/vulnerabilities/86121 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 120EXPL: 0CVE-2013-3444
https://notcve.org/view.php?id=CVE-2013-3444
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. El framework web en Cisco WAAS Software anterior a 4.x y 5.x anterior a 5.0.3e, 5.1.x anterior a 5.1.1c, y 5.2.x anterior a 5.2.1; Cisco ACNS Software 4.x y 5.x anterior a 5.5.29.2; Cisco ECDS Software 2.x anterior a 2.5.6; Cisco CDS-IS Software 2.x anterior a 2.6.3.b50 y 3.1.x anterior a 3.1.2b54; Cisco VDS-IS Software 3.2.x anterior a 3.2.1.b9; Cisco VDS-SB Software 1.x anterior a 1.1.0-b96; Cisco VDS-OE Software 1.x anterior a 1.0.1; y Cisco VDS-OS Software 1.x en modo central-management, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios añadiendo cadenas con valores modificados en los campos GUI. Aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, y CSCug56790. • http://secunia.com/advisories/54367 http://secunia.com/advisories/54369 http://secunia.com/advisories/54370 http://secunia.com/advisories/54372 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm http://www.securityfocus.com/bid/61543 http://www.securitytracker.com/id/1028852 http://www.securitytracker.com/id/1028853 https://exchange.xforce.ibmcloud.com/vulnerabilities/86122 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •