CVE-2013-3443

CWE-20 โ€” Improper Input Validation4 documents4 sources
Severity
10.0CRITICAL
EPSS
7.9%
top 7.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Wide Area Application Services
Timeline
PublishedAug 1
Latest updateMay 17

Description

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

โ–ถNVDcisco/wide_area_application_services30 versions+29

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-6h72-hh8m-p9h2: The web service framework in Cisco WAAS Software 4โ†—2022-05-17
โ–ถ
CVEList
CVE-2013-3443: The web service framework in Cisco WAAS Software 4โ†—2013-07-31
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco WAAS Central Manager Remote Code Execution Vulnerabilityโ†—2013-07-31
โ–ถ
CVE-2013-3443 (CRITICAL CVSS 10) | The web service framework in Cisco | cvebase.io