CVE-2021-1438 – Cisco Wide Area Application Services Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1438
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2014-3285
https://notcve.org/view.php?id=CVE-2014-3285
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. • http://secunia.com/advisories/58806 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285 http://tools.cisco.com/security/center/viewAlert.x?alertId=34395 http://www.securityfocus.com/bid/67696 http://www.securitytracker.com/id/1030307 • CWE-20: Improper Input Validation
CVE-2013-3444
https://notcve.org/view.php?id=CVE-2013-3444
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. • http://secunia.com/advisories/54367 http://secunia.com/advisories/54369 http://secunia.com/advisories/54370 http://secunia.com/advisories/54372 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm http://www.securityfocus.com/bid/61543 http://www.securitytracker.com/id/1028852 http://www.securitytracker.com/id/1028853 https://exchange.xforce.ibmcloud.com/vulnerabilities/86122 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-3443
https://notcve.org/view.php?id=CVE-2013-3443
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. • http://osvdb.org/95877 http://secunia.com/advisories/54367 http://secunia.com/advisories/54372 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm http://www.securityfocus.com/bid/61542 http://www.securitytracker.com/id/1028851 https://exchange.xforce.ibmcloud.com/vulnerabilities/86121 • CWE-20: Improper Input Validation
CVE-2007-3923
https://notcve.org/view.php?id=CVE-2007-3923
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445. • http://secunia.com/advisories/26122 http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml http://www.osvdb.org/36120 http://www.securityfocus.com/bid/24956 http://www.securitytracker.com/id?1018416 http://www.vupen.com/english/advisories/2007/2572 https://exchange.xforce.ibmcloud.com/vulnerabilities/35477