Remote Code Execution Vulnerability in Cisco WAAS Software
CVE-2013-3443

Currently unrated

Key Information:

Vendor: Cisco
Status: Wide Area Application Services
Vendor: CVE Published:; 1 August 2013

What is CVE-2013-3443?

The web service framework in Cisco WAAS Software versions prior to 5.0.3e, 5.1.1c, and 5.2.1 is susceptible to a vulnerability that permits remote attackers to execute arbitrary code. This exploitation can occur through maliciously crafted POST requests sent to systems operating in a Central Manager configuration, posing serious security risks to affected installations.

References

http://www.securitytracker.com/id/1028851

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/54367

third-party-advisoryx_refsource_SECUNIA

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2013
Vulnerability Reserved
May 6, 2013