CVE-2013-3384

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.

El framework web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes v7.1.3-013, v7.5 antes de v7.5.0-838, y v7.7 antes de v7.7.0-550, dispositivos Email Security Appliance antes de v7.1.5-104, v7.3 antes de v7.3.2-026, v7.5 antes v7.5.2-203 y v7.6 antes v7.6.3-019, y dispositivos Content Security Management Appliance antes de v7.2.2-110, v7.7 antes de v7.7.0-213 y v7.8 y v7.9 antes de 7.9.1-102 permite a los usuarios remotos autenticados ejecutar código arbitrario a través de entrada de línea de comandos diseñado en una URL, también conocido como Bug ID CSCzv85726, CSCzv44633 y CSCzv24579.

*Credits: N/A

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-05-06 CVE Reserved
2013-06-27 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa	2018-10-30
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma	2018-10-30
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.3 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.3"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.3 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.3"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.3 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.3"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.2 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.2"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.2 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.2"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.2 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.2"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.7 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.7"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.7 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.7"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.7 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.7"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.8 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.8"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.8 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.8"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.8 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.8"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe