Command Execution Vulnerability in Cisco Web Security Appliance
CVE-2013-3383

Currently unrated

Key Information:

Vendor: Cisco
Status: Ironport Asyncos
Vendor: CVE Published:; 27 June 2013

Summary

The Cisco Web Security Appliance's web framework has a command execution vulnerability that allows remote authenticated users to execute arbitrary commands. This flaw exists due to improper handling of crafted command-line input in a URL over IPv4, potentially leading to unauthorized access and manipulation of the system. It impacts specific versions of the AsyncOS, making it crucial for organizations to upgrade to the latest versions to mitigate risks associated with this vulnerability.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 27, 2013