Severity
9.0 CRITICAL
EPSS
2.6%
top 14.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 1
Latest update May 17

Description

The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 8.0 | Impact: 10.0

Affected Packages: 8 packages

🔴 Vulnerability Details

2
GHSA
GHSA-gcm5-w3f4-h48v: The web framework in Cisco WAAS Software before 4 | 2022-05-17
CVEList
CVE-2013-3444: The web framework in Cisco WAAS Software before 4 | 2013-07-31

📋 Vendor Advisories

1
Cisco
Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products | 2013-07-31