Authenticated Command Injection in Cisco WAAS and ACNS Software
CVE-2013-3444

Currently unrated

Key Information:

Vendor: Cisco
Status: Wide Area Application Services
Vendor: CVE Published:; 1 August 2013

Summary

The web framework in multiple Cisco content delivery products has a command injection vulnerability. Remote authenticated users can exploit this flaw by appending specially crafted strings to input fields within the graphical user interface, potentially allowing for arbitrary command execution. This vulnerability impacts several versions of Cisco WAAS, ACNS, ECDS, and VDS software, thereby exposing the underlying systems to significant risks. It is crucial for users of these products to apply the appropriate updates and patches to mitigate the vulnerabilities.

References

http://www.securitytracker.com/id/1028852

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/54367

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Aug 1, 2013
Vulnerability Reserved
May 6, 2013